Full Disclosure mailing list archives

Re: AFS - The Ultimate Sulution?


From: "マグロ原子" <atoom.tonijn () gmail com>
Date: Wed, 20 Sep 2006 13:32:48 +0200

On 9/17/06, Paul Sebastian Ziegler <psz () observed de> wrote:
> Yes, it would still be possible to root the system, but how would that
> help to get another user?
> Even if the system is rooted you would only have access to your own
> files and could not even crack other users' pws since they aren't in
> your password-file.

Since every machine would run the same image, if your system is
rooted, all others could be.

> As you said this requires that the AFS-Server is being kept up to date.
> But the Images wouldn't have to be.

Yes they would.

> Of course somebody could be hardlogging on a workstation, but it
> wouldn't be possible to sniff pws from the kerberos-session due to
> encryption.

Again if the system is rooted, it's possible to install a modified
"loader", which loads a modified OS image, which can sniff passwords
and do everything else.

Nyoro~n

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/