Vulnerability Development mailing list archives
Re: Apache ap_getpass vulnerability
From: "Jon Paul, Nollmann" <sinster () DARKWATER COM>
Date: Sun, 5 Nov 2000 11:25:16 -0800
Sprach Carson Gaspar <carson () TALTOS ORG>:
Having your private key stored un-encrypted on disk is also a really bad idea. You have to decide how you're going to trade-off operational complexity vs. security.
It's a choice that's been made technologically: it's unworkable to have the private key encrypted, so it's left unencrypted. If you have the key encrypted and arrange for some other mechanism for the server to automagically get the passphrase at startup, then that's equivalent to having the private key unencrypted on the hard disk: all the data is there on the machine that's necessary to unencrypt the private key. It's unavoidable. So, people just have to make sure that no one gets access to the machine in the first place.

And that's where we come in. Muahahahahaha! :)

More seriously, though: my assumption is always that it's impossible to secure a machine against its own users and still have the machine remain usable. The whole point of the machine is to give out access that exceeds the user's native access in controlled ways. That means that in the absence of bugs, the user just needs to trick the controller. In the presence of bugs, all bets are off. So if you let someone have a login shell, you're wide open to that person.

Putting an encrypted passkey on the filesystem with a password squirrelled away in some conf file doesn't make things any more difficult for an attacker than having an unencrypted key...

... unless you have a vulnerability that allows a remote attacker to download any 1 file. Then you're screwed. And we certainly know that such vulnerabilities exist. But if you've got that vulnerability, they'll just download your conf file as well. Or if they're bored, they'll download your entire filesystem and browse at their leisure.

But that's just an argument for avoiding 3rd party closed-source software: if you have the source, then you can fix any vulnerability that you find.

--
Jon Paul Nollmann ne' Darren Senn sinster () balltech net
Unsolicited commercial email will be archived at $1/byte/day.
You can go a long way with a smile. You can go a lot further with a smile and a gun. Al Capone