MIT Krb5 + SELinux

Jerome Walter walter+kerberos at efrei.fr
Wed Apr 14 20:15:52 EDT 2004


On Wed, Apr 14, 2004 at 12:02:46PM -0400, Sam Hartman wrote:
> I cannot think of anything that Kerberos applications need other than
> network and urandom.

That's perfect.

> You probably want to make it difficult for either the KDC or the
> kadmind to execute other programs or switch domains to limit the
> efficacy of a compromise.

Difficult is not enough ;) Yes, for now, i created 3 different contexts,
for kdc, kadmind and kerberos applications. The restriction is fairly
strict and a compromised kdc should not mean possibility to get a root
priviledge, nor change any passowrds in the realm. 

Now, i have to find an exploit in the kdc to test if i am right ;).

Jerome
-- 
-+--   Jerome Walter - 	EFREI p2004		          ----+-
       Mail *is* private


More information about the Kerberos mailing list