From: Tillman Hodgson
To: freebsd-security@freebsd.org
Date: Thu, 25 Sep 2003 08:32:50 -0600
Subject: Re: unified authentication

On Wed, Sep 24, 2003 at 11:10:55PM -0700, Jason Stone wrote:
> > > Well, it's worse than that - since the packets are not authenticated in
> > > any way, an active attacker doesn't need to crack passwords - he can just
> > > inject his own packets which can have crypted passwords that he knows.
> >
> > Which is why I use NIS with Kerberos - the passwords aren't in the NIS
> > maps and injected fake users won't be authenticated by Kerberos.
>
> Okay, but I can still set jason's uid the same as tillman's and then use
> his dot-files to alias his ssh to a trojan. Or set jason's uid to zero....

How is this attacker injecting packets onto the network? They must have
obtained root on the local machine. If they have root on the local machine
they can trojan files /anyway/. They can change UIDs around all they want.
This situation is dangerous no matter what network authorization system is
in use.

Running NIS over IPsec would be better, of course, just as running
/anything/ over IPsec is generally better. But I don't think that it's
trivial to compromise Kerberos+NIS as a regular user.

-T

-- 
All beings are Buddha. All beings are the truth, just as they are.
Robert Aitken
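A defender-side audit for the two map manipulations Jason describes (an injected entry with uid 0, and an entry that reuses another account's uid so its owner can alter that account's dot-files), written as an added example that is not part of the original thread; the passwd-map lines are constructed sample data, and `toor` is assumed to be a legitimate second uid-0 account as on a default FreeBSD install.

```python
"""Audit passwd-map lines (the format `ypcat passwd` prints) for entries
that grant uid 0 or collide with another account's uid.  Constructed
sample data; not from the original post."""
from collections import defaultdict

# Constructed sample of a NIS passwd map with two injected entries:
# "evil" claims uid 0, and "jason2" reuses tillman's uid 1001.
SAMPLE_MAP = """\
root:*:0:0:Charlie &:/root:/bin/csh
tillman:*:1001:1001:Tillman Hodgson:/home/tillman:/bin/sh
jason:*:1002:1002:Jason Stone:/home/jason:/bin/sh
evil:*:0:0:Injected:/tmp:/bin/sh
jason2:*:1001:1002:Injected:/home/jason2:/bin/sh
"""


def parse_passwd(text):
    """Yield (name, uid, gid, home) for each well-formed passwd line;
    blank or malformed lines are skipped rather than raising."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2]), int(fields[3]), fields[5]


def audit_passwd(text, allowed_root=("root", "toor")):
    """Return findings as (kind, detail) tuples.
    'uid0'    -> an account other than the allowed root names has uid 0.
    'dup_uid' -> a non-zero uid is shared by more than one account name
                 (uid 0 is handled by the 'uid0' check, since root/toor
                 legitimately share it on FreeBSD)."""
    findings = []
    by_uid = defaultdict(list)
    for name, uid, _gid, _home in parse_passwd(text):
        by_uid[uid].append(name)
        if uid == 0 and name not in allowed_root:
            findings.append(("uid0", name))
    for uid, names in sorted(by_uid.items()):
        if uid != 0 and len(names) > 1:
            findings.append(("dup_uid", (uid, sorted(names))))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_passwd(SAMPLE_MAP):
        print(kind, detail)
```

Feed it the real map with `ypcat passwd | python3 audit.py` style piping (reading stdin instead of SAMPLE_MAP) and compare against the local /etc/master.passwd to catch entries that exist only in the map.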