Full Disclosure: NIS Security Hole / Full Access by NIS Client Root
Several years ago I noticed a big issue with NIS security at Sun, which I promptly reported, hoping for a patch. Today I found out it is still there. Hopefully a full disclosure will help solve it.

In a typical NFS-NIS setup, users on NIS client machines log in to their NIS accounts (like Windows users log in to their domain server). Normally, root access on local machines is provided to users to make it easy to install software. In NIS, by default, the root squash feature is implemented, which prevents the local root account from accessing NIS mounted directories. So far so good. However, unknown to most, a bug in the NIS implementation allows local root accounts to access all information in any NIS users' accounts.


