*BSD News Article 68541


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!inquo!bofh.dot!in-news.erinet.com!bug.rahul.net!rahul.net!a2i!ddsw1!news.mcs.net!not-for-mail
From: les@MCS.COM (Leslie Mikesell)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Can FreeBSD mount Netbeui volumes?
Date: 14 May 1996 23:51:44 -0500
Organization: /usr/lib/news/organi[sz]ation
Lines: 50
Message-ID: <4nbnt0$ndo@Mercury.mcs.com>
References: <postmaster-0905961001120001@206.65.200.5> <319404CD.33E93F68@lambert.org> <4n1urr$rjj@uriah.heep.sax.de> <31950D9C.15C6228A@lambert.org>
NNTP-Posting-Host: mercury.mcs.com

In article <31950D9C.15C6228A@lambert.org>,
Terry Lambert  <terry@lambert.org> wrote:

>But the security model in BSD (and UNIX, in general) needs to
>change for it to be practical for anything but single user
>machines not offering authentication services (telnet/rlogin/ftp/
>http/gopher/nfs/etc.).

I disagree. 
(a) Authentication is up to the whim of the person who
knows the root password on any unix machine (at least if
you are relying on uid's reported by that machine).  If you
don't trust the root user to treat resources appropriately you
shouldn't let that machine have access.  If you do trust
the root user, then you should let him protect the mount
points appropriately.
(b) We may be talking about WFWG servers here which don't
have much in the way of user concepts.
(c) Fully shared access to files may be appropriate for
certain uses.

>] However, the security considerations are to be taken serious.
>] I could however think of a model where an SMB file system can
>] be used to access all the services marked `public'.
>
>You could, but it redefines public from meaning "accessable to
>any authenticated user" to meaning "accessable to any user,
>authenticated or not".

Only if the authenticated root user on the remote machine decides
to make it so.

>Because the UNIX box would authenticate once and could
>credential gateway by proxy any user from the internet or
>dialup lines onto the thing.  Which violates the credential
>model in SMB (which doesn't support the concept "proxy").

Yes, that may be what you want.  If it isn't don't make
the mount point accessable to anyone else.

>Any time you start permitting proxy when "emulating" a DOS
>client to a network server (LANMan, NetWare, ATP, etc.), you
>break security.

But servers that rely on client politeness already have broken
security.  Are you suggesting that operating systems should
omit all features that have the potential to be misused?

Les Mikesell
  les@mcs.com