[OpenAFS] bos getlog
Russ Allbery
rra@stanford.edu
21 Jul 2001 11:08:21 -0700
Charles Clancy <mgrtcc@cs.rose-hulman.edu> writes:
> Couldn't we limit the files it grabs to those in /usr/afs/logs?
> I'm just thinking of possible attack scenarios:
> 1. exploit local exploit on AFS client machine to get root
> 2. make a /usr/bin/klog that shows up first in the path and records
> passwords before running the real klog
> 3. grab admin password
> 4. grab and decrypt /etc/shadow on the AFS server
4 is pointless if you have 3; just use bos exec.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>