
Re: Running kdc as unprivileged user





--On Friday, 17 Nov 2006 10.39.54 +0100 Michael Ströder
<michael@stroeder.com> wrote:

> Måns Nilsson wrote:
>> 
>> Having written so much, I do not find running the kdc as root is a very
>> big issue.  The kdc must be secure beyond comprehension anyways... 
> 
> Couldn't there be circumstances under which a vulnerability in the KDC
> can be used by an attacker only if the KDC is running as root? Maybe a
> combination of several vulnerabilities?

Yes, of course. That is the rationale for privsep'ing. 
-- 
Måns Nilsson                     Systems Specialist
+46 70 681 7204   cell                       KTHNOC
+46 8 790 6518  office                  MN1334-RIPE

I fill MY industrial waste containers with old copies of the
"WATCHTOWER" and then add HAWAIIAN PUNCH to the top ...  They look NICE
in the yard ...
