Re: NFS Security Question
From: Ryan Russell (ryan@securityfocus.com)Date: 08/15/01
- Previous message: Darren Moffat: "Re: NFS Security Question"
- In reply to: Darren Moffat: "Re: NFS Security Question"
- Next in thread: Ryan Russell: "Re: NFS Security Question"
- Next in thread: Matthew Collins: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Aug 2001 19:46:19 -0600 (MDT) From: Ryan Russell <ryan@securityfocus.com> To: Darren Moffat <Darren.Moffat@eng.sun.com> Subject: Re: NFS Security Question Message-ID: <Pine.GSO.4.30.0108141942580.19939-100000@mail>
On Tue, 14 Aug 2001, Darren Moffat wrote:
> But if you have that level of access to the machine and can convince Bob
> to login to it it would be much easier just to install a fake login
> program and capture his password and then do the dirty deed on his own
> machine when he has left his office (or remotely).
Well, I thought of that... but that's the point of Kerberos, right? Even
if my machine is participating as a Kerberos client for allowing other
people to log in, I can't steal anything that gives me a long-term ability
to pretend to be Bob. And hopefully, the item that is presented to my
machine when Bob comes on should be of limited usefulness, and wouldn't
allow me to do everything Bob could normally do while that ticket was
good?
Ryan
- Previous message: Darren Moffat: "Re: NFS Security Question"
- In reply to: Darren Moffat: "Re: NFS Security Question"
- Next in thread: Ryan Russell: "Re: NFS Security Question"
- Next in thread: Matthew Collins: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
