[396] in Zephyr_Bugs


Re: zwgc regetting tickets

daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Mon Jul 20 18:46:06 1992

Date: Mon, 20 Jul 92 18:45:38 EDT
From: "Mark W. Eichin" <eichin@cygnus.com>
To: Derek Atkins <warlord@seuss.bellcore.com>
Cc: lwvanels@MIT.EDU, bug-zephyr@Athena.MIT.EDU, greg@duke.cs.unlv.edu
In-Reply-To: [395]

Having xscreensaver get tickets is a security risk in two different
ways:
	1) Unless the local machine has a srvtab that xscreensaver can
read, it is possible to spoof xscreensaver's tgt request (with a flood
of packets with a known key.) This gets you access to the user's
session, perhaps including existing authentication, remote sessions,
and tickets -- far more of a threat than simply spoofing login (since
even if you log into the machine, you don't have any authentication to
anything further away.)
	2) You don't have a "trusted path" to the screensaver. If I
want your password, I simply reboot your xterminal, log in, fire up
another screensaver that exactly matches yours, and then when you
enter your password, test it and then transmit it somewhere (and then
crash the server or something to cover your tracks.)  Granted, xlogin
has the same hole (very few systems since Multics have dealt with this
problem) but it is a very good reason to have a distinct screensaver
password that isn't used anywhere else.
	There was some discussion of making this addition to the
Athena screensaver, and after some brainstorming these two threats
were uncovered; both are rather serious likelihoods in a public
workstation environment, perhaps less of a threat to workstations in
locked offices.
				_Mark_ <eichin@athena.mit.edu>
				MIT Student Information Processing Board
				Cygnus Support <eichin@cygnus.com>
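
Threat 1 in the message above, as a toy model of the check a srvtab makes possible. This is an added example, not code from the original message, Zephyr, or xscreensaver. The `Responder` class, the MAC-based `seal`/`unseal` stand-in for Kerberos encryption, the SHA-256 `str2key`, and all keys and passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac

def str2key(password: str) -> bytes:
    """Stand-in for Kerberos string-to-key (assumption: plain SHA-256)."""
    return hashlib.sha256(password.encode()).digest()

def seal(key: bytes, payload: bytes) -> bytes:
    """Toy stand-in for encrypting under `key`: MAC tag followed by payload."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def unseal(key: bytes, blob: bytes):
    """Return the payload if `blob` was sealed under `key`, else None."""
    tag, payload = blob[:32], blob[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

class Responder:
    """Whoever answers the ticket requests: the real KDC or a spoofed one."""
    def __init__(self, user_key: bytes, host_key: bytes):
        self.user_key, self.host_key = user_key, host_key
    def tgt_reply(self) -> bytes:
        return seal(self.user_key, b"tgt")           # sealed under the user's key
    def host_ticket(self) -> bytes:
        return seal(self.host_key, b"host-ticket")   # sealed under the host's key

def unlock_unverified(typed: str, net: Responder) -> bool:
    """Accept the password if the TGT reply opens under the typed password's key."""
    return unseal(str2key(typed), net.tgt_reply()) is not None

def unlock_verified(typed: str, net: Responder, srvtab_key: bytes) -> bool:
    """Additionally require a host ticket that opens under the local srvtab key."""
    if unseal(str2key(typed), net.tgt_reply()) is None:
        return False
    return unseal(srvtab_key, net.host_ticket()) is not None

# Constructed sample data, not from the original message.
SRVTAB_KEY = hashlib.sha256(b"constructed host key").digest()
REAL_KDC = Responder(str2key("constructed-user-password"), SRVTAB_KEY)
# A spoofed responder knows neither the user's key nor the srvtab key.
SPOOFED = Responder(str2key("known"), hashlib.sha256(b"guess").digest())

if __name__ == "__main__":
    print(unlock_unverified("known", SPOOFED))            # spoofed reply accepted
    print(unlock_verified("known", SPOOFED, SRVTAB_KEY))  # rejected by srvtab check
    print(unlock_verified("constructed-user-password", REAL_KDC, SRVTAB_KEY))
```

The srvtab check addresses only threat 1; it does nothing for the missing trusted path in threat 2.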

