fischer
10-09-2006, 11:58 AM
Hello there,
when trying to boot another machine using the knoppix-terminalserver
with activated "secure-mode" (Flag for "Secure: Disable root access on
clients"), I still get complete root access on the network-booted
client-machine (sudo, root-console, ...).
The kernel-parameter "secure" is set, and the NFS-Share gets mounted (to
/cdrom) with the "nosuid" option. Unfortunatelly that does not really
achieve anything.
The cloop-device (mounted to /KNOPPIX) and the union-fs (at /UNIONFS)
get mounted without the option, so that all files retain their suid-flags.
I tried this with Knoppix-5.0.1-DE and Knoppix-4.0.2-DE. It's the same
in both cases.
Is this feature broken? Does it work for anyone else? Am I completely
missing something? Any hints?
Thanks,
Greg
when trying to boot another machine using the knoppix-terminalserver
with activated "secure-mode" (Flag for "Secure: Disable root access on
clients"), I still get complete root access on the network-booted
client-machine (sudo, root-console, ...).
The kernel-parameter "secure" is set, and the NFS-Share gets mounted (to
/cdrom) with the "nosuid" option. Unfortunatelly that does not really
achieve anything.
The cloop-device (mounted to /KNOPPIX) and the union-fs (at /UNIONFS)
get mounted without the option, so that all files retain their suid-flags.
I tried this with Knoppix-5.0.1-DE and Knoppix-4.0.2-DE. It's the same
in both cases.
Is this feature broken? Does it work for anyone else? Am I completely
missing something? Any hints?
Thanks,
Greg