[OpenAFS] token theft under XP
Friedrich Delgado Friedrichs
6delgado@informatik.uni-hamburg.de
Thu, 12 Dec 2002 13:55:21 +0100
Hiho!
Charles Clancy wrote:
> Scenario:
> 1. domain user 'x' logs in, gets tokens
> 2. 'x' logs out
> 3. local machine administrator goes in and creates local user 'x'
> 4. log in as local user 'x'
> 5. local user has access to the token and drive mappings obtained by the
> domain user
--End of quote---
Token theft is just as easy on any Unix machine (at least with
Kerberos 5 + AFS):
1. domain user 'x' logs in, gets tokens
2. local root logs in, while 'x's session is still active
3. root steals x's ticket cache (mostly /tmp/krb5_<UID>_something) and
uses it to gain Kerberos 5 Ticket and thereby AFS Token
With kaserver it is probably just as easy; I never used it.
This might be argued as a little less severe, since the Ticket Cache
will be invalidated once the user -- or PAM -- destroys the Kerberos
Ticket.
In my opinion both are non-issues (i.e. not severe at all). Kerberos 5
and thereby AFS is meant to supply a secure means of authentication
for *secure* hosts over an untrusted network.
Both scenarios require elevated privileges and therefore the
precondition of the secure host is violated.
Kind regards
Friedel
-- 
Friedrich Delgado Friedrichs <friedel@nomaden.org>
Laziness led to the invention of the most useful tools.