On 11/21/2011 02:55 PM, Stephen Gallagher wrote:
> Granted, that's a bit of a contrived example, but as a rule I tend to
> feel that data like this should be configured centrally, rather than
> updated by clients. First rule of security: always assume your clients
> are malicious.
I see. I needed this purely for auditing computers on LAN - so no
big danger of malicious clients.
Even in your (indeed contrived) example, the malicious application could cause the
machine to be disjoined from the AD/IPA domain or perform DoS attacks
against the servers. Eventually:
1. Even if we agree that we will set it up once upon machine join, the malicious client
can change it any time later. So no big difference here.
2. Even Microsoft AD clients (AD member computers) do it this way I believe.
I think in all cases you have to (to some extent) either trust your clients or make damn
sure that no user application can gain root
privileges. Even such a well-perceived protocol as Kerberos cannot protect you against
a malicious root application running on your desktop.
So, with all due respect, I do not accept your arguments.
Ondrej