[975] in Kerberos


Questions about vulnerability of ticket cache file

daemon@ATHENA.MIT.EDU (David Hinman)
Mon Jun 4 13:39:14 1990

Date: 4 Jun 90 16:30:27 GMT
From: zaphod.mps.ohio-state.edu!samsung!schizo.samsung.com!hinman@ohio-state.arpa  (David Hinman)
To: kerberos@ATHENA.MIT.EDU

Hello,

It seems to me that if my workstation allows more than one login, someone
with the root password can read my ticket cache file and hence impersonate
me.

1) Is this a problem in practice, or have I misunderstood something?

2) If it is a problem, will the next release of Kerberos be providing some
   facility to deal with it?

3) It seems like one solution would be a new device driver, providing 
   ticket cache files that are readable only by the owner and not by root. 
   Is this a reasonable approach?

Thanks,

Dave Hinman                         
Samsung Software America           (508) 685-7200 ext. 124
One Corporate Drive                hinman@samsung.com
Andover, MA 01810                  uunet!schizo.samsung.com!hinman
