funsec mailing list archives
Re: This sounds like a security disaster just waiting to happen...
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 29 Apr 2009 16:16:10 -0400
On Wed, Apr 29, 2009 at 12:27:41PM -0700, Steve Pirk wrote:
So, Microsoft has implemented a squid like server as part of their gateway solution for office connections to the net. If done correctly, sould be safe enough, no?
Well...I'm not so sure. I mean, if we grant the "done correctly" part for the sake of argument, it sounds to me like a file F requested by user A on system X may be cached on system Y used by user B, even if user B does not have the appropriate permissions for file F. If that's the case, and it may not be, then a security issue with system Y or user B could expose file F. Is this how others are reading it? ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: This sounds like a security disaster just waiting to happen..., (continued)
- Re: This sounds like a security disaster just waiting to happen... Larry Seltzer (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Jeff Kell (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Valdis . Kletnieks (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Larry Seltzer (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Valdis . Kletnieks (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Jason Ross (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Jon Kibler (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Paul Ferguson (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Larry Seltzer (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Rich Kulawiec (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Rich Kulawiec (May 03)