Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

smbmount vs. smbclient



On 3/15/07, gboyce <gboyce at badbelly.com> wrote:
> The UID restrictions are honored (or not) by the client system.  If your
> files are owned by UID 100 which should be mapped to your user, I can read
> your files by creating a new user with uid 100 on my system.

I didn't recommend to use NFS to keep it secure.  I recommended NFS
over SMB for speed, since it should be assumed that LAN users are
trusted -- given a properly secured exterior (WAN/Wireless).

> On SMB file shares access to the files are restricted to an authenticated
> user.  Yes, you can break the encryption placed on the file transfers, but
> that will only work if you have the ability to listen to all network
> traffic which is difficult on a switched network.

Difficult?
# aptitude install dsniff
# arpspoof 192.168.1.1

> On a network in which you cannot trust the users and systems this means
> that a skilled attacker can potentially read files transfered by SMB while
> a less skilled attacker can pull ALL files from your NFS file server.

I totally agree.  In any event, the topic is moot and we should move
on.  No one wants to hear grumblings about it I'm sure, and I'm
starting to look like a jerk for trying to make my point on security
here...where I think my original points were misunderstood by the
thread initiator...
-- 
Kristian Hermansen

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org