MIT Krb5 + SELinux
Sam Hartman
hartmans at MIT.EDU
Thu Apr 15 09:42:36 EDT 2004
>>>>> "Jerome" == Jerome Walter <walter+kerberos at efrei.fr> writes:
Jerome> Difficult is not enough ;) Yes, for now, I created 3
Jerome> different contexts, for kdc, kadmind and kerberos
Jerome> applications. The restriction is fairly strict and a
Jerome> compromised kdc should not mean possibility to get a root
Jerome> privilege, nor change any passwords in the realm.

But difficult is all you get. If I can execute arbitrary code in the
kdc context, I can read keys from the database and transmit them over
the network. I then break in with a kadmin request.

The KDC is fundamentally part of the TCB. You can make exploiting it
harder, but a bug in the KDC that leads to arbitrary code execution
does compromise the authentication infrastructure.