Re: AFS - The Ultimate Sulution? -- What is the point?

["Brian Eaton" <eaton.lists () gmail com>]

On 9/17/06, Paul Sebastian Ziegler <psz () observed de> wrote:
> Yes, it would still be possible to root the system, but how would that
> help to get another user?

As someone else in this thread pointed out, usability is probably a
more important concern than security with this system design.  As an
example of how usability and security may conflict here, consider file
shares.  Users need to do this as part of their jobs.  The more a
group of users work together, the more opportunity for compromise.

> As you said this requires that the AFS-Server is being kept up to date.
> But the Images wouldn't have to be. Apart from this AFS hasn't had a
> major security-issue in the past several years.

This is odd.  MIT kerberos releases security patches a few times a
year, doesn't AFS need those patches?

> Of course somebody could be hardlogging on a workstation, but it
> wouldn't be possible to sniff pws from the kerberos-session due to
> encryption. So also a rooted workstation with eth0 put into promiscuous
> mode would be of no use.

Attackers always cheat.  This system is so restrictive that the
attacker might get some help when users need to cheat the system in
order to do their jobs.

This system would definitely be a step-up security-wise from giving
everybody their own workstation and letting them handle their own
maintenance, but I suspect that a motivated attacker would find a way
in.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/