[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: POSIX
From: |
Jonathan S. Shapiro |
Subject: |
Re: POSIX |
Date: |
Thu, 27 Oct 2005 10:40:37 -0400 |
On Thu, 2005-10-27 at 11:58 +0200, Alfred M. Szmidt wrote:
> Note that turning off home directory before opening the network
> port is NOT good enough!
>
> You say that it isn't good enough, without explaining why.
It would not be bad to try to think things out for yourself once in a
while. Everybody here needs to start thinking about design from the
attacker point of view in order to be able to evaluate their designs.
To answer your question:
Once the hostile program can read my home directory, I must assume that
it *has* read my home directory. After this, cutting off access to the
directory will not prevent disclosure over the network of my current
content. Therefore, cutting off the home directory before enabling the
network connection is insufficient.
shap
- Re: POSIX, (continued)
- Re: POSIX, Jonathan S. Shapiro, 2005/10/27
- Re: POSIX, Jonathan S. Shapiro, 2005/10/26
- Re: POSIX, Bas Wijnen, 2005/10/26
- Re: POSIX, Jonathan S. Shapiro, 2005/10/26
- Re: POSIX, Leonardo Lopes Pereira, 2005/10/26
- Re: POSIX, Bas Wijnen, 2005/10/26
- Re: POSIX, Jonathan S. Shapiro, 2005/10/26
- Re: POSIX, Alfred M\. Szmidt, 2005/10/27
- Re: POSIX, Bas Wijnen, 2005/10/27
- Re: POSIX, Alfred M\. Szmidt, 2005/10/27
- Re: POSIX,
Jonathan S. Shapiro <=
- Re: Let's do some coding :-), Bas Wijnen, 2005/10/25
- Re: Let's do some coding :-), Jonathan S. Shapiro, 2005/10/25
Re: Let's do some coding :-), olafBuddenhagen, 2005/10/25
- Re: Let's do some coding :-), Jonathan S. Shapiro, 2005/10/25
- Re: Let's do some coding :-), Alfred M\. Szmidt, 2005/10/25
- Re: Let's do some coding :-), Jonathan S. Shapiro, 2005/10/25
- Re: Let's do some coding :-), ness, 2005/10/26
- Re: Let's do some coding :-), Alfred M\. Szmidt, 2005/10/26
- Re: Let's do some coding :-), Jonathan S. Shapiro, 2005/10/26
- Re: Let's do some coding :-), Alfred M\. Szmidt, 2005/10/26