[38770] in Kerberos
Re: MIT Kerberos Master principal deletion
daemon@ATHENA.MIT.EDU (Harshawardhan Kulkarni)
Wed Jun 17 11:09:32 2020
From: Harshawardhan Kulkarni <harshawardhan.rk@gmail.com>
MIME-Version: 1.0 (1.0)
Date: Wed, 17 Jun 2020 12:35:42 +0100
Message-ID: <8011B640-39C0-4AF5-9629-465E1B65EF95@gmail.com>
In-Reply-To: <BL0PR02MB453290B526E8AD3571793979BB9D0@BL0PR02MB4532.namprd02.prod.outlook.com>
To: "D'Angelo, Jeff C" <jcd@psu.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Jeff,
I have found the stash file, can I recover the master key from this file? Do you know any good links to follow?
Thanks
Harsh
Sent from my iPhone
> On 16 Jun 2020, at 04:07, D'Angelo, Jeff C <jcd@psu.edu> wrote:
>
>
> Would the stash file help here (if it exists)?
>
> --
> Jeff
>
> From: kerberos-bounces@mit.edu <kerberos-bounces@mit.edu> on behalf of Chris Hecker <checker@d6.com>
> Sent: Thursday, June 11, 2020 6:54 PM
> To: Nico Williams <nico@cryptonector.com>
> Cc: Harshawardhan Kulkarni <harshawardhan.rk@gmail.com>; kerberos@mit.edu <kerberos@mit.edu>
> Subject: Re[2]: MIT Kerberos Master principal deletion
>
>
> > I don't think it would make it harder.
>
> I just mean because you won't be able to set a breakpoint at a function
> that uses the key, you'll have to actually chase it around in memory
> (assuming you use something like gcore to dump it as fast as possible
> without regard to where it is executing when it's dumped).
>
> If I was doing this live, I'd set a breakpoint on some function that
> used the key to decrypt and then inspect there, but with a core file
> you'll need to make sure you can find all the structures first.
>
> Is realm_mkey in the kdc_realm_data struct the one he wants?
>
> Chris
>
> ------ Original Message ------
> From: "Nico Williams" <nico@cryptonector.com>
> To: "Chris Hecker" <checker@d6.com>
> Cc: "Harshawardhan Kulkarni" <harshawardhan.rk@gmail.com>;
> "kerberos@mit.edu" <kerberos@mit.edu>
> Sent: 2020-06-11 15:31:28
> Subject: Re: MIT Kerberos Master principal deletion
>
> >On Thu, Jun 11, 2020 at 10:19:39PM +0000, Chris Hecker wrote:
> >> Maybe dump the core of the running process so you don't accidentally crash
> >> it while trying to debug it live? But that would make finding it in memory
> >> even harder...
> >
> >I don't think it would make it harder.
> >
> >BTW, we should make it much harder to delete important principals...
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman.mit.edu%2Fmailman%2Flistinfo%2Fkerberos&data=02%7C01%7Cjcd%40psu.edu%7C5ecb0ae46a0f4206310108d80e5b131f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637275131630535798&sdata=slErWkRJAvfE0nd%2BMESCEFY5Ucx8c79mIpMN%2BwFBMz8%3D&reserved=0
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
