On Tue, 28 Mar 2000, Atro Tossavainen wrote:
> I was reading through the documentation on your AFS patches to SSH
> as I will probably be needing the package in the near future.
i suggest using OpenSSH instead, which has krb4/AFS support integrated,
and is more actively maintained. see http://www.openssh.com/
> I was under the impression that local .Xauthority files would be worse
> than those on AFS homes - breaking local root on a client host should
> be considerably easier than breaking AFS, or else I am in deep shit :)
an attacker with root on an AFS client has access to all local users'
Kerberos ticket files (enabling AFS token acquisition), and at the very
least, access to /usr/vice/cache. so having .Xauthority in AFS doesn't
really buy you anything, when an attacker could just trojan xauth anyhow.
two reasons for using local .Xauthority files with AFS home directories:
1. Unix file permissions don't mean much in AFS, and xauth can't very well
enforce ACLs on users' home directories, so there is no guarantee that
~/.Xauthority isn't world-readable.
2. AFS traffic is cleartext (unless you've hacked your client to encrypt,
which nobody does), so your .Xauthority file goes over the wire in the
clear. this is as bad as cleartext telnet authentication.
-d.
---
http://www.monkey.org/~dugsong/
