
List:       kde-devel
Subject:    Re: security issue KDM (OT)
From:       David Berner <david.berner () irisa ! fr>
Date:       2003-07-30 12:35:25


Thiago Macieira wrote:
> So you're asking us to detect that the system was configured for NIS and drop 
> all support for NIS? Besides, if a user has root on a system, he can do 
> anything. It's not KDE that's going to block it.

Ok, I agree, and I apologize for the slight off-topic.

> It's not an attack. It's how NIS works. In NIS authentication, it's the client 
> that authenticates, not the server. The server just provides the encrypted 
> password to authenticate against. That happens because there's no such thing 
> as a "network UID", so any root-privileged process on the client can simply 
> setuid() to any UID. There's no authentication in that.
>
> Anyways, as said before, the problem is on the server, not on the client. If 
> you run a NIS/NFS network, the admin must make sure that he's the only one to 
> have root on _all_ workstations. As for the CD-ROM problem, it's easy: put a 
> password on the BIOS setup and don't allow the bootmanager to select another 
> configuration than the default one.

So KDE is fine, but NIS has got a problem there. IMHO it is very hard to 
assure the physical integrity that seems to be required. Just unplug 
the network cable of any machine, plug in your laptop with the same IP, 
and you are in. This is not acceptable. Is there an alternative to NIS 
(without this kind of problem)?

Again, sorry for the OT, and thanks for your comments. This is my last 
message here.
David
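The two placements of the password check discussed in this thread, modelled as an added example (not code from the thread, from KDE or from any NIS implementation): a constructed directory with salted SHA-256 standing in for crypt(3), a NIS-style map lookup that hands the hash to the client so the client decides, and a server-side variant where the secret never leaves the server and every attempt is audited there. All names and data are constructed.

```python
"""Where the password check runs decides what the server can enforce.

NIS model: the server publishes the hash; the client compares and then
switches UID itself, so the server never learns the outcome and a
root-privileged client is free to skip the comparison entirely.
Server-side model: the client sends the credential, the server compares
and returns only a verdict plus an audit record.
Salted SHA-256 stands in for crypt(3); all data below is constructed.
"""
import hashlib
import hmac


def pw_hash(salt: str, password: str) -> str:
    """Stand-in for crypt(3): salted SHA-256 hex digest."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed directory, equivalent to what a NIS passwd map carries.
DIRECTORY = {
    "alice": {"uid": 1001, "salt": "x7", "hash": pw_hash("x7", "correct horse")},
}


def nis_passwd_map(user):
    """NIS model: the map entry, hash included, goes to any client that asks."""
    entry = DIRECTORY.get(user)
    return None if entry is None else dict(entry)


def nis_client_login(user, password):
    """NIS model: the comparison happens on the client.  Returns the UID the
    client will switch to, or None.  Nothing here is enforced by the server;
    a client running as root can call setuid() to this UID without ever
    running this function."""
    entry = nis_passwd_map(user)
    if entry is None:
        return None
    ok = hmac.compare_digest(entry["hash"], pw_hash(entry["salt"], password))
    return entry["uid"] if ok else None


def server_side_login(user, password, audit):
    """Server-side model: the hash stays here, the server decides, and every
    attempt (success or failure) lands in the server's audit log."""
    entry = DIRECTORY.get(user)
    ok = entry is not None and hmac.compare_digest(
        entry["hash"], pw_hash(entry["salt"], password))
    audit.append((user, ok))
    return {"uid": entry["uid"]} if ok else None
```

The contrast to notice: the NIS path returns the hash to the caller and keeps no record, while the server-side path returns only a UID and leaves an audit trail the admin can actually monitor.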
