Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
tất cả quyền lực, đi kèm với an thực tế giá one for example trong chapter này đã Certificate minh. Tất cả is a GIF hoạt hình là close of the package hình ảnh nhiều on a tập tin. Trình duyệt chơi the hình ảnh này become lại vào thời one point, | Chapter 22 22.4 SOCKS Library Home DNS BIND TCP IP sendmail sendmail Reference Firewalls Practical Security Simpo PDF Merge and Split Unregistered Version - http www.simpopdf.com file C Oreilly Unix etc O Reilly Reference Library networking puis ch22_04.htm 8 of 8 2002-04-12 10 45 45 Chapter 20 20.3 Client-Side NFS Security Ị Jmpo PDF Merge and Split Unregistered Version -- WZ www.smw o.n 41 PREVIOUS Chapter 20 NFS SEARCH NEXT 20.3 Client-Side NFS Security NFS can create security issues for NFS clients as well as servers. Because the files that a client mounts appear in the client s filesystem an attacker who is able to modify mounted files can directly compromise the client s security. The primary system that NFS uses for authenticating servers is based on IP host addresses and hostnames. NFS packets are not encrypted or digitally signed in any way. Thus an attacker can spoof an NFS client either by posing as an NFS server or by changing the data that is en route between a server and the client. In this way an attacker can force a client machine to run any NFS-mounted executable. In practice this ability can give the attacker complete control over an NFS client machine. At mount time the UNIX mount command allows the client system to specify whether or not SUID files on the remote filesystem will be honored as such. This capability is one of the reasons that the mount command requires superuser privileges to execute. If you provide facilities to allow users to mount their own filesystems including NFS filesystems as well as filesystems on floppy disks you should make sure that the facility specifies the nosuid option. Otherwise users might mount a disk that has a specially prepared SUID program that could cause you some headaches later on. NFS can also cause availability and performance issues for client machines. If a client has an NFS partition on a server mounted and the server becomes unavailable because it crashed or because network connectivity is lost then