On Sep 17, 2006, at 11:05 , Brian Eaton wrote:
>> As you said this requires that the AFS-Server is being kept up to
>> date.
>> But the Images wouldn't have to be. Apart from this AFS hasn't had a
>> major security-issue in the past several years.
>
> This is odd. MIT kerberos releases securit
On Sep 17, 2006, at 10:03 , [EMAIL PROTECTED] wrote:
> Go back and re-read the last few batches of AFS updates, and ask
> youself
> for each bugfix "Could this *potentially* have been leveraged by a
> clued
> hacker?".
I haven't noticed many issues beyond potential denial of service
attacks
On 9/17/06, Paul Sebastian Ziegler <[EMAIL PROTECTED]> wrote:
> Yes, it would still be possible to root the system, but how would that
> help to get another user?
As someone else in this thread pointed out, usability is probably a
more important concern than security with this system design. As a
On Sun, 17 Sep 2006 13:38:32 +0200, Paul Sebastian Ziegler said:
> As you said this requires that the AFS-Server is being kept up to date.
> But the Images wouldn't have to be. Apart from this AFS hasn't had a
> major security-issue in the past several years.
AFS hasn't had a magor security issue
Those are good ideas to push the concept even further.
But this was a mindgame anyway. In answer to what Maguro said:
Yes, it would still be possible to root the system, but how would that
help to get another user?
Even if the system is rooted you would only have access to your own
files and could
why not just use a dumb terminal if you are going to go to all that trouble?
-JP
On 9/15/06, Dean Pierce <[EMAIL PROTECTED]> wrote:
> There is the convenience issue of the speed that the image transfers
> across the network.
>
> There is also the issue that infected workstations may be collecting
There is the convenience issue of the speed that the image transfers
across the network.
There is also the issue that infected workstations may be collecting
passwords.
My suggestion would be to use the harddrives in the workstation to store
the boot images, and have the minimal operating system
In-Reply-To: <[EMAIL PROTECTED]>
I don't really see the point... Possible vulnerabilities (if I didn't
horribly misunderstand something):
*The AFS server would still need to be updated to keep it secure.
*If the imaged OS is rootable:
**The AFS clients that load the images could be replaced by ph