Bugtraq mailing list archives
Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
From: alecm () COYOTE UK SUN COM (Alec Muffett)
Date: Wed, 19 Apr 2000 11:20:53 +0100
> Such a database is all good and fine, but it inherently has at least one weakness: an attacker can install an old, but genuine Sun binary with a security hole in it. If you did a post mortem and found such a file, would you say "I must have forgotten to update that file" or would you say "There is something rotten in the State of Denmark"?
Well, let's be frank, there are even more creative theoretical attacks on such a database-based checking system, involving subtle trojan horses which could hide "naughty" files from readdir() by kernel patching, or something similar that would read() one file's contents when MD5 is hashing it, but exec() some other chunk of binary data entirely...

We think that the SFPdb is a step in the right direction; and yes, it is precisely because of the above possibilities that we're considering carefully what'd be the "right thing to do" in terms of extending the service by providing it in more popular/flexible formats.
> (Nevertheless, your database is obviously much better than having nothing at all.)
That was our take on it, too.

- alec (CGI guy and ideas geek, SFPdb project)

--
alec muffett - sun professional services - alec.muffett @ uk.sun.com
[your free random numbers for today are: 25661 29]
everybody wants a rock to wind a piece of string around
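The weakness raised in the quoted text above (a genuine but outdated binary still matches the database), shown as an added example that is not part of the original post or of the SFPdb service. The database layout, revision counters and file contents are constructed for illustration and do not reflect the real SFPdb format.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed stand-ins for vendor binaries (not real file contents).
OLD_LOGIN = b"login, release 1 (constructed: contains a known hole)"
NEW_LOGIN = b"login, release 2 (constructed: hole fixed)"
LS_BIN = b"ls, release 1 (constructed)"

# Hypothetical fingerprint database: path -> {md5: revision}.
# A higher revision means a newer vendor release of that file.
FINGERPRINTS = {
    "/usr/bin/login": {md5_hex(OLD_LOGIN): 1, md5_hex(NEW_LOGIN): 2},
    "/usr/bin/ls": {md5_hex(LS_BIN): 1},
}

def classify(path: str, data: bytes, db=FINGERPRINTS) -> str:
    """Classify one file: a hash match alone is not treated as a pass."""
    known = db.get(path, {})
    revision = known.get(md5_hex(data))
    if revision is None:
        return "UNKNOWN"                 # not a vendor-issued file for this path
    if revision < max(known.values()):
        return "GENUINE_BUT_SUPERSEDED"  # vendor file, but an older release
    return "CURRENT"

def audit(files: dict) -> dict:
    """files maps path -> bytes as read from the host under examination.

    Limitation noted in the reply above: if the running kernel is
    tampered with, read() may not return what exec() would run, so
    the bytes should come from the disk mounted on a trusted system.
    """
    return {path: classify(path, data) for path, data in files.items()}

# Constructed host snapshot.
HOST = {
    "/usr/bin/login": OLD_LOGIN,
    "/usr/bin/ls": LS_BIN,
    "/usr/bin/su": b"locally modified file (constructed)",
}

if __name__ == "__main__":
    for path, verdict in sorted(audit(HOST).items()):
        print(f"{verdict:24} {path}")
```

A plain "is this MD5 in the database" lookup would report `/usr/bin/login` as clean; comparing against the newest known release for the same path is what flags it.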