Full Disclosure mailing list archives
Re: openssh exploit code?
From: Peter Busser <peter () adamantix org>
Date: Mon, 13 Oct 2003 12:29:53 +0200
Hello Security Snot,
You probably enjoy the multiple levels of admitted "obscurity features" (check the Brad Spengler vs. OpenBSD Team threads just about anywhere, Theo's quotes on w^x being an "obscurity feature" to thwart attacks from lesser skilled attackers - since after all, the lesser skilled attackers are the real threat, right?).
Are you referring to the following discussion?

http://archives.neohapsis.com/archives/openbsd/2003-04/1678.html

I think you haven't thoroughly read the discussion. The obscurity features referred to in this case are the various address space layout randomisation (ASLR) features. ASLR is just one of the W^R features.

The ASLR is indeed an obscurity feature. It depends on the assumption that the attacker does not know the exact placement of the executable/libraries/stack/heap in memory.

It is a public secret that secure systems do not exist and are not technically possible at this time. And that is just the technical side of the problem, there is also a social aspect to security, which is a whole different can of worms.

As such, ASLR is not the final answer to security problems. It is just a way to raise the bar, and hope that no one is able to jump over it.

Encryption is also an ``obscurity feature''. And encrypted passwords have been known to be crackable. Does that make encrypted passwords any less valuable? I don't think so.

The following message proves that at least it is effective against some attacks:

http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it

This is of course about PaX and not W^R, but the basic feature set is more or less similar (although PaX predates W^R, lest anyone starts accusing PaX people of copying features from OpenBSD).
So yeah, FUD. If I told you there are still exploitable preauthentication bugs in OpenSSH, would that just be FUD too? FUD until the next advisory is published on that horribly designed codebase, FUD until the threat is demonstrated, right? Bet you'd like to see yourself eat your words, so you can generate a little more revenue with your security job. . .
There are probably tons of vulnerabilities in OpenSSH. It is after all a rather complicated piece of software. It is a public secret that complex software often contains serious bugs. So what exactly is your point? Why are you restating the obvious?

And when you talk about credibility, I think you are the one here who has a credibility problem. I mean, you shout about things you apparently do not fully understand. Take the ``obscurity feature'' above, you use one feature of a set of different features to dismiss the usefulness of the whole set. That is not really a logical thing to do.

That is no problem, I mean, you don't have to feel ashamed about not understanding something complicated. You are certainly not alone, everyone has things he/she does not understand (I know I don't understand many things).

Groetjes,
Peter Busser
--
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html