[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running kdc as unprivileged user

To: =?UTF-8?Q?Michael_Str=C3=B6der?= <michael@stroeder.com>
Subject: Re: Running kdc as unprivileged user
From: =?UTF-8?Q?M=C3=A5ns_Nilsson?= <mansaxel@sunet.se>
Date: Fri, 17 Nov 2006 10:45:57 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <455D836A.5070706@stroeder.com>
References: <20061107073656.GA6459@OCF.Berkeley.EDU><04481E7F6D146A18F7E1CEE6@E3993D2B0BE66833664712A4><455D836A.5070706@stroeder.com>
Sender: owner-heimdal-discuss@sics.se



--On fredag, fredag 17 nov 2006 10.39.54 +0100 Michael StrÃ¶der
<michael@stroeder.com> wrote:

> MÃ¥ns Nilsson wrote:
>> 
>> Having written so much, I do not find running the kdc as root is a very
>> big issue.  The kdc must be secure beyond comprehension anyways... 
> 
> Couldn't there be circumstances under which a vulnerability in the KDC
> can used by an attacker only if the KDC is running as root? Maybe a
> combination of several vulnerabilities?

Yes, of course. That is the rationale for privsep'ing. 
-- 
MÃ¥ns Nilsson                     Systems Specialist
+46 70 681 7204   cell                       KTHNOC
+46 8 790 6518  office                  MN1334-RIPE

I fill MY industrial waste containers with old copies of the
"WATCHTOWER" and then add HAWAIIAN PUNCH to the top ...  They look NICE
in the yard ...

PGP signature

References:
- Running kdc as unprivileged user
  - From: yury@OCF.Berkeley.EDU (Yury Arkady Sobolev)
- Re: Running kdc as unprivileged user
  - From: =?UTF-8?Q?M=C3=A5ns_Nilsson?= <mansaxel@sunet.se>
- Re: Running kdc as unprivileged user
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Running kdc as unprivileged user
Next by Date: Re: config option inconsistencies
Prev by thread: Re: Running kdc as unprivileged user
Next by thread: Re: Running kdc as unprivileged user
Index(es):
- Date
- Thread