[BBLISA] Secure, authenticated file serving to untrusted clients
Alex Aminoff
alex at basespace.net
Fri Apr 17 21:54:53 EDT 2009
Ben Eisenbraun wrote:
> Howdy,
>
> I'm looking for a file serving method that lets me securely share files out
> to clients with untrusted root users.* I.e. if user home directories are on
> a read-write network volume, I want to stop root on a workstation from doing:
>
> rm -rf ~user
>
> or
>
> su - user
> rm -rf ~
>
> * Yes, I know that if someone has root on the workstation, then all bets
> are off, since they can trojan kinit to collect passphrases, steal tickets,
> etc. I'm just trying to raise the bar significantly higher than the
> standard NFS level of (in)security.
>
> From what I understand of NFSv4, if I set it up to use kerberos, then I can
> do this, since only a user with a valid kerberos ticket will be able to
> access the files on the share. It seems like a kerberized solution could
> work here, but I'm not sure what protocol to use.
>
> I'm looking for a solution that would work on Linux and OS X. The NFSv4
> support is fairly limited under OS X right now. Can Samba/CIFS do this?
> AFS? Other?
>
My thought would be sshfs. It is still vulnerable to a trojaned ssh
client binary, or something similar that reads the ssh passphrase and/or
key out of memory, but that is a bit better than "su - user". It is
based on FUSE.
http://fuse.sourceforge.net/sshfs.html
I know of one person who uses it to mount their home directory at one
place to their workstation at another institution. It seems to work with
no issues.
- Alex Aminoff
BaseSpace.net