Re: Sticky authentication/authorisation issues



>>>>> "Brandon" == Brandon S Allbery KF8NH <allbery@ece.cmu.edu> writes:

    Brandon> You should avoid accessing such mechanisms from hosts
    Brandon> whose security you don't trust.  In our case, that would
    Brandon> be machines on the Computing Facilities subnet (and, when
    Brandon> possible --- i.e. ssh public keys --- you constrain their
    Brandon> use (and, if possible, access to them) to that subnet).

It's not just the security of the host you have to trust, it's also the
security of every program installed and running that has read access
to the ticket, too.

E.g. a web browser could potentially have a security flaw in
JavaScript, Java, or something else that allows running commands it
should not be allowed to have. A document could have an embedded macro
that does nasty things using your Kerberos ticket. Alternatively, even
if it doesn't have access to the Kerberos ticket, maybe it can trick a
program that does have access (e.g. by sending keystroke events,
setting up fake keyboard bindings, macros, or similar).

Yes, these are more common on Windows and Microsoft programs than on
Linux, but some people do use Windows, and some of them might use
Kerberos.
-- 
Brian May <bam@snoopy.apana.org.au>