On Tue, 2006-06-20 at 15:30 +0200, Ralf Corsepius wrote: > > > > >> Using /home as a network share is inherently insecure, > > > > > What does that mean? > Paranoia :) > > > Threats To Server Security > > https://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-risk-serv.html > > > > ###### > > "Inherently Insecure Services > > > Another example of insecure services are network file systems and > > information services such as NFS or NIS which are developed explicitly > > for LAN usage but are, unfortunately, extended to include WANs (for > > remote users). > Note: LAN! The link sort-of mentions the problem but isn't very explict about it. > IMO, NFS/NIS are perfectly suitable for use inside of a LAN. Of cause > these services impose a certain level on insecurity, but at a certain > point paranoia has to stop and trust has to start. NFS allows anyone who can become root on any machine allowed to access it (perhaps by booting a Knoppix CD...) to mount and access anything. Even if you don't permit root access, anyone who is root locally can pretend to be anyone else. -- Les Mikesell lesmikesell@xxxxxxxxx
