
host identity group



Hello,

Files which contain a secret to authenticate the local machine, like the ssh host
key or the samba host key, are usually readable only by root, requiring clients to
access them with some kind of raised privilege. The idea behind this is
that only a trusted program should be able to read out the secret and
engage in an authentication protocol.

The problem is that this protocol handler must run privileged even if there is
no need. OpenSSH, for example, has the ssh-keysign helper, which uses the
host's private key to make a signature on login.

Idea: have a group "hostadm" or whatever, and make those programs sgid to
this group. The advantage is that an exploit of those protocol handlers will
at most compromise the host's identity, but not the content on the host.

Possible candidates:

pppd - server's CHAP secret
ssh_host_id - server's dsa/rsa secret key
nfs4?
kerberos?
nis?
LDAP login credential - credential of an authorized generic user for lookups
smbmount - password file
ssl - secret host key for apache, ssl telnet, etc.

I think some of them already use the subsystem's runtime user, but I am not
sure if this is a good idea.

Because calling those programs needs to be restricted (i.e. by uid), I prefer
sgid over suid. What do you think?

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
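
The ownership and mode layout proposed in the message above, written as an audit check. This is an added example, not part of the original post or of any Debian package. The group name "hostadm" comes from the post; the function names, the gid value 110 and the sample modes are assumptions constructed for illustration.

```python
import os
import stat

def check_key_file(mode, uid, gid, hostadm_gid):
    """Findings for a host secret file under the proposed root:hostadm 0640 layout."""
    perms = stat.S_IMODE(mode)
    findings = []
    if uid != 0:
        findings.append("key not owned by root")
    if gid != hostadm_gid:
        findings.append("key group is not hostadm")
    if not perms & stat.S_IRGRP:
        findings.append("group cannot read key, helper would still need root")
    if perms & stat.S_IWGRP:
        findings.append("group can modify key")
    if perms & stat.S_IRWXO:
        findings.append("key accessible to others")
    return findings

def check_helper(mode, uid, gid, hostadm_gid):
    """Findings for a protocol helper that should be setgid hostadm, not setuid root."""
    perms = stat.S_IMODE(mode)
    findings = []
    if perms & stat.S_ISUID and uid == 0:
        findings.append("helper is setuid root, an exploit yields root")
    if not (perms & stat.S_ISGID and gid == hostadm_gid):
        findings.append("helper is not setgid hostadm")
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("helper writable by group or others")
    return findings

def audit_path(path, checker, hostadm_gid):
    """Run one of the checkers above against a real file on disk."""
    st = os.stat(path)
    return checker(st.st_mode, st.st_uid, st.st_gid, hostadm_gid)

if __name__ == "__main__":
    HOSTADM = 110  # constructed gid for the hypothetical hostadm group
    # Constructed samples: (label, checker, st_mode, uid, gid)
    samples = [
        ("key, root-only 0600", check_key_file, 0o100600, 0, 0),
        ("key, proposed 0640", check_key_file, 0o100640, 0, HOSTADM),
        ("helper, suid root 4755", check_helper, 0o104755, 0, 0),
        ("helper, sgid hostadm 2755", check_helper, 0o102755, 0, HOSTADM),
    ]
    for label, checker, mode, uid, gid in samples:
        print(label, "->", checker(mode, uid, gid, HOSTADM) or "ok")
```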

