Problems with private keyring?

Dave Dykstra dwd@bell-labs.com
Mon Mar 26 21:03:16 2001


On Thu, Mar 22, 2001 at 05:59:21PM +0100, Matthias Urlichs wrote:

> Arno Wagner:
> > However as Werner Koch pointed out this is comparable to an
> > attack that replaces the GnuPG binary with a trojan horse.
> Not quite.
>
> > as root it depends. I would say hacking an individual user
> > with good password is not significantly easier than hacking
> > root.
>
> ... unless you have an insecure NFS environment (even if root is mapped
> to nobody, anybody can access anybody else's home network directory
> by locally creating a user with the same UID).
>
> This method can be used to gain the target's UID on their workstation
> if network logins are allowed and setuid on the network volumes is not
> disabled, or if there's a security hole on the target system, or ...
>
> There are many places out there who have neither of these security
> problems plugged. :-/ Thus I agree that while panic is inappropriate,
> we shouldn't trivialize the problem either. It _does_ allow some people
> to gain access to secret keys who couldn't get it so otherwise.
Except that if you have one of those ubiquitous insecure NFS environments it is also trivial for a cracker to (for example) edit a user's .rhosts, .ssh/authorized_keys, or .profile to execute any code he/she wants as that user. From there it is easy to crack root too, even if root is mapped to nobody, by modifying a system administrator's login or in many cases one of the other non-root system ids like 'bin' or 'sys'. So I agree with Arno. A lot of system administrators try to reduce the NFS risk by not allowing users to log in as root on their workstations, but that's trivial to overcome by simply booting from an operating system distribution floppy or CD.

- Dave Dykstra