[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH revised

From: Lluis
Subject: Re: SSH revised
Date: Wed, 29 Mar 2006 00:07:39 +0200
User-agent: Mutt-ng devel-r782 (based on Mutt 1.5.11/2005-09-15)

El Tue, Mar 28, 2006 at 08:07:42PM +0200, Bas Wijnen ens deleità amb les 
següents paraules:
> On Tue, Mar 28, 2006 at 03:54:06PM +0200, Lluis wrote:
>> But... a cap. to a network connection makes any non-TCB code untrusted, 
> I think you mean unconfined, not untrusted.

err... I don't know the exact definition of both, but what I meant to say 
is that a networked (unconfined) non-TCB code can't be trusted... isn't 
this right?

and any networked code would be unconfined, being it part of the TCB or 
not... well, not exactly, but... :)

>> right?
> In general, yes, but in this case, no.  The system accepts a connection from 
> the network.  It then starts this confined program with access to the host 
> keys.  It gives that program a capability to the user ssh server and to the 
> socket for the network connection.  Both sides of the connection need to be 
> trusted (and they check this using some authentication mechenism such as 
> public key authentication).  The "confined" program can then talk to the user 
> program, or the remote side, both of which are trusted.
> There are other problems when the program is taken over, though.  First, the 
> user (and if you're unlucky, anyone) can retrieve the host keys by taking 
> over 
> the program.  Second, the program can start sending plain-text stuff to the 
> network.  The remote side will of course reject all this, but someone 
> sniffing 
> the network can still read it all.  Actually, the remote side will likely not 
> reject it, because it is the one who took over the program.  That is, it is a 
> system service, so it wasn't written to be malicious, so it can only do 
> malicious things if it is taken over while running.  This is because a new 
> connection will get a new instance of the program, so taking over one ssh 
> connection does not give you access to any other connection.  Is this still 
> understandable?

crystal clear :)


 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Listening: Symphony X (The Divine Wings Of Tragedy) - 03. 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]