funsec mailing list archives

Re: This sounds like a security disaster just waiting to happen...


From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 29 Apr 2009 16:16:10 -0400

On Wed, Apr 29, 2009 at 12:27:41PM -0700, Steve Pirk wrote:
> So, Microsoft has implemented a squid-like server as part of their gateway
> solution for office connections to the net. If done correctly, should be
> safe enough, no?

Well...I'm not so sure.  I mean, if we grant the "done correctly" part
for the sake of argument, it sounds to me like a file F requested by
user A on system X may be cached on system Y used by user B, even if
user B does not have the appropriate permissions for file F.  If that's
the case, and it may not be, then a security issue with system Y or
user B could expose file F.

Is this how others are reading it?

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

