>So why is storage in files so much more dangerous than storage in
>memory? If one happens to get a process which can read the files in
>local /tmp, why could that process not modify any of /proc/<pid>/mem
>on the same computer to get at the ticket cache anyway?

A fair question. I mean, conceptually, if the end system is compromised, in theory everything is vulnerable. But the real world is a bit messier.

What I discovered when doing post-attack analysis is that not all attackers are that sophisticated. The ones we dealt with mostly had a few basic recipes for attack; they weren't developing new ones. I am sure my credential cache would not survive a nation-state level attack, but it sure did stop the ones we were experiencing, and I am not aware of any credential cache theft attacks we have experienced since then.

We have been migrating to KEYRING on Linux systems, which is better in that the credentials are stored in kernel memory and not user space.

The other advantage of in-memory credential caches vs file credential caches that occurs to me is that it's very easy to trawl the filesystem to look for credential caches. Scanning the entire OS memory is much harder.

--Ken
