FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-18-2008, 10:08 AM
Stephane Durieux
 
Default Nis problem :

Hello

I am encountering a problem with a nis server.
Local root on client* can do* su* user* without* giving* the password of the user.

root squashing is enabled.

What can I do

Thanks for reply

__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
 
Old 04-18-2008, 11:33 AM
Eduardo M KALINOWSKI
 
Default Nis problem :

Stephane Durieux wrote:
> Hello
>
> I am encountering a problem with a nis server.
> Local root on client can do su user without giving the password
> of the user.
>
> root squashing is enabled.
>
> What can I do

I do not know if NIS changes something, but the default behavior is that
root can su to any user without giving the password of the user. (And
this is exactly the point of su.)


--
T-shirt:
Life is *not* a Cabaret, and stop calling me chum!

Eduardo M KALINOWSKI
ekalin@gmail.com
http://move.to/hpkb


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-18-2008, 12:09 PM
"Arvind Marathe"
 
Default Nis problem :

On Fri, Apr 18, 2008 at 5:03 PM, Eduardo M KALINOWSKI <ekalin@gmail.com> wrote:
> Stephane Durieux wrote:
> > Hello
> >
> > I am encountering a problem with a nis server.
> > Local root on client can do su user without giving the password
> > of the user.
> >
> > root squashing is enabled.
> >
> > What can I do
>
> I do not know if NIS changes something, but the default behavior is that
> root can su to any user without giving the password of the user. (And
> this is exactly the point of su.)

I think he meant that the root on the NIS client machine can access
any nis user account without giving the passwd. So as NIS client root,
the command

su nis-user

logs into the nis-user account without requiring any passwd. I think
the client root 'sees' all NIS users as local users. Root squash on
the NIS server merely makes sure that the NIS client root cannot
access NFS mounted directories. The problem is described here as well:

http://blog.taragana.com/index.php/archive/full-disclosure-nis-security-hole-full-access-by-nis-client-root/

I am facing the same problem and haven't found any solution.

Arvind


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 04:16 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org