On 9/17/06, Paul Sebastian Ziegler <psz_at_observed.de> wrote:
> Yes, it would still be possible to root the system, but how would that
> help to get another user?
> Even if the system is rooted you would only have access to your own
> files and could not even crack other user's pws since they aren't in
> your password-file.
Since every machine would run the same image, if your system is
rooted, all others could be.
> As you said this requires that the AFS-Server is being kept up to date.
> But the Images wouldn't have to be.
Yes they would.
> Of course somebody could be hardlogging on a workstation, but it
> wouldn't be possible to sniff pws from the kerberos-session due to
> encryption.
Again if the system is rooted, it's possible to install a modified
"loader", which loads a modified OS image, which can sniff passwords
and do everything else.
Nyoro~n
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 20 2006
