%% Mark Roach <[EMAIL PROTECTED]> writes:

mr> Yup. Install a key-sniffer, wait for the victim to unwittingly
mr> type his password.

Why would I type my password on your box? I would never do that,
that's not how Kerberos works. As I said, if you can root my box then
you can gain my credentials and masquerade as me, although you can't do
it without making some kind of potentially detectable change to my
system. But that is certainly an order of magnitude more secure than
basic NFS, which says that if you can root _ANY_ box on the network,
including yours, you can masquerade as me, and further there is no way
to detect it.

>> You can install trojans, for starters. But at least you have to
>> have root access on _their_ box

mr> incorrect, see above.

Make sure you're familiar with Kerberos. Kerberos, like SSH, never
sends passwords to the remote host, so there's no way to get my
credentials unless you can install a trojan on MY box. Nothing you can
do on YOUR box, even if you're root, can be used to hijack my identity.

mr> This is all a moot point though, the fact is that there is no way
mr> to secure the data going in and out of a machine such that root
mr> can't ever get at it.

I guess we have to define what we mean by "security"; there are lots of
forms of security. However, I don't agree with your comment above. It
may be mostly true for the hosts at the origin and destination of the
data, but it can obviously be secured for all intermediate systems.
Also, I can envision situations where the server can't read the data,
even as root: if the filesystem contains encrypted data that is shared
in its encrypted form by NFS, and only decrypted at the client for
example then root on the server cannot read it. I do agree that you
can't secure the data from root on the client, but again that means you
have to root _MY_ box, and that is a much stronger statement,
security-wise, because I have control over my box while I (likely)
don't have any control over the server or certainly all the other boxes
on the network.

Anyway, that's not really what I was talking about: I am mostly
concerned with securing data so that unauthorized users can't access it
in the first place, or at least can't access it with an unauthorized
privilege class.

mr> There are lots of attempts at making it difficult (it's called
mr> DRM) but it is not something that is possible to completely
mr> attain. The sensible person will use the tool that makes the job
mr> difficult enough to dissuade the likely attackers based on the
mr> level of risk involved (this is assuming that security/complexity
mr> are tradeoffs, if there exists a more secure, less complex option,
mr> it's a no-brainer).

mr> I am not saying that nfs is super-secure here, so I hope nobody
mr> gets me wrong. (though I do think that in many cases it is "good
mr> enough") My only point in all of this is that if you think other
mr> protocols have magic, not-even-root-can-catch-me-now-bwahahaha
mr> voodoo, you are mistaken.

NFS is only "good enough", IMO, if you don't allow people to have root
privileges on their own system. I tend to agree with you that, although
not giving out the root password is not a very high bar if people have
physical access to the system, it's still probably "good enough" for
the typical corporate intranet where you don't expect to get any black
hats. Obviously if you're working for the NSA or the CIA, you have a
different outlook :).

But I think if you give people the root password on their own desktop,
the bar is not high enough even for a normal corporate intranet. In
fact it's so low you're not even able to guard against what could be
considered simple mistakes, and that's too low for comfort for me.

Unfortunately, not handing out the root password is really not a viable
situation, again IMO, with a desktop system in anything but the most
basic environment (like kiosks and POS terminals, etc.)
There are a number of things that even basic desktop users need to do
with their systems that require root access, such as changing display
resolutions and installing new software, not to mention basic
troubleshooting like reading the system log files, restarting basic
services, etc.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <[EMAIL PROTECTED]>          HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
-------------------------------------------------------------------------------
   These are my opinions---Nortel Networks takes no responsibility for them.
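
The contrast drawn in the message above, between basic NFS trusting whatever identity a client host asserts and Kerberos verifying the user, can be checked on a server by auditing its export table. This is an added example, not part of the original thread; it assumes Linux exports(5) syntax and Kerberized NFS (`sec=krb5`, `krb5i`, `krb5p`), neither of which the message names, and the hosts and paths in the sample are constructed.

```python
import re

# Flavors where the server verifies the user's Kerberos ticket itself.
KERBEROS = {"krb5", "krb5i", "krb5p"}

# Constructed sample in Linux exports(5) syntax; hosts and paths are made up.
SAMPLE = """\
/home      10.0.0.0/24(rw,sync)
/projects  *.example.com(rw,sec=krb5p)
/scratch   build1.example.com(rw,sec=krb5:sys,no_root_squash)
"""

def parse_exports(text):
    """Yield (path, client, options) per client entry.
    Simplified: no quoted paths, line continuations or '-' default options."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", entry)
            if m:
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield path, m.group(1) or "*", opts

def audit(text):
    """Return (path, client, reason) for exports that trust the client host."""
    findings = []
    for path, client, opts in parse_exports(text):
        flavors = ["sys"]  # exports(5): sec= defaults to sys when absent
        for opt in opts:
            if opt.startswith("sec="):
                flavors = opt[4:].split(":")
        weak = [f for f in flavors if f not in KERBEROS]
        if weak:
            findings.append((path, client,
                             "accepts client-asserted identity: sec=" + ":".join(weak)))
        if "no_root_squash" in opts:
            findings.append((path, client, "root on the client stays uid 0"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

An export that lists `sys` alongside a Kerberos flavor is still flagged, because a client can then fall back to the flavor in which the uid is whatever the client host says it is.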