There are many implicit trust relationships in computer systems.
It is crucial to understand them. If you do not understand where
you are placing your trust, your trust can be exploited by
attackers who have thought more carefully than you have.
For example, any NFS server of users' home-directories trusts the root
user on the hosts which mount those directories. Some bad accidents
are prevented by mapping root to the user nobody on remote systems,
but this is not security, only convenience. The root user can always
use `su' to become any user in its password file and access/change
any data within those filesystems. The .rlogin and hosts.equiv files
on Unix machines grant root (or other user) privileges to other hosts
without the need for authentication.
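
To see exactly what such a file grants, the following added example (not part of the original text) lists every trust-granting entry in a hosts.equiv-style file, following the entry format documented in hosts.equiv(5). The sample content and the function names parse_line and audit are constructed for illustration.

```python
# Added example: audit the implicit trust granted by a hosts.equiv-style file.
# SAMPLE is constructed for illustration; it is not taken from a real host.
SAMPLE = """\
# constructed sample
build01.example.org
+ backup
+@admins
-lab7.example.org
+ +
db.example.org +
"""

def parse_line(line):
    """Return (deny, host, user) for one entry, or None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    # A leading "-" on the host or on the user field makes the entry a denial.
    deny = host.startswith("-") or (user or "").startswith("-")
    if host != "+" and host[0] in "+-":
        host = host[1:]          # "+name" and "-name" carry an explicit sign
    return deny, host, user

def audit(text):
    """Return (lineno, severity, explanation) for every entry that grants trust."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None or entry[0]:
            continue             # comments and deny entries grant nothing
        _, host, user = entry
        any_host = host == "+"   # a bare "+" matches every remote host
        who = "any user" if user == "+" else (f"user {user!r}" if user else "same-named users")
        where = "ANY host" if any_host else (
            f"netgroup {host[1:]}" if host.startswith("@") else f"host {host}")
        # A user field lets that remote user log in as other local accounts,
        # so it is rated above a plain host entry.
        severity = "critical" if any_host else ("high" if user else "review")
        findings.append((lineno, severity, f"{who} on {where} trusted without a password"))
    return findings

if __name__ == "__main__":
    for lineno, severity, text in audit(SAMPLE):
        print(f"line {lineno}: [{severity}] {text}")
```
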
If you are collecting software from remote servers, you should make
sure that it comes from a machine that you trust, particularly if
it includes files which could lead to privileged access to your system.
Even checksums are no good unless they also are trustworthy.
For example, it would be an extremely foolish idea to copy a binary
program such as /bin/ps from a host you know nothing about. This
program runs with root privileges. If someone were to replace that
version of ps with a Trojan horse command, you would have effectively
opened your system to attack. Most users trust anonymous FTP servers
where they collect free software. In any remote copy you are setting
up an implicit trust relationship. First of all you trust the integrity
of the host you are collecting files from. Secondly you trust that
they have the same username database with regard to access
control. The root user on the collecting host has the same rights to
read files as the root user on the server. The same applies to any
matched user name.