[DGD] Changing connect() (network package)

bart at wotf.org
Wed Jan 2 07:37:44 CET 2008


On Tue, 1 Jan 2008 19:03:55 +0100, Felix A. Croes wrote
> 
> This is like Bart's objection to using a one-time password.  An
> additional point of failure does not mean an additional vulnerability;

It does at least statistically.

More code means more bugs which means more potentially abusable bugs, hence
more vulnerabilities.

> if it is possible to obtain this password with less access than it
> would take to obtain a mud admin password, that's where the fault lies.

If said daemon has a vulnerability then that could easily happen, without any
vulnerability in access control being abused even.

> In your case, a denial of service attack can 
> be mounted on any port, not just the one reserved for the external connection
> daemon.
> 
> The problem and solution are trivial.

...

If you have outgoing connectivity in the driver, and limit it to System in the
kernel, then any time a random guest coder can get access to it, the fault
lies in them getting access, not in external connections.

Considering what you can do with the auto object, the problem and solution are
trivial ... In theory.

> 
> Happy New Year, everyone!

Same to you :)

Bart.
--
Created with Open WebMail at http://www.bartsplace.net/
Read my weblog at http://soapbox.bartsplace.net/
