[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Simulavr-devel] GDB to stdin connection & threading
|
From: |
ThomasK |
|
Subject: |
Re: [Simulavr-devel] GDB to stdin connection & threading |
|
Date: |
Mon, 30 Jan 2012 19:23:56 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Lightning/1.0b2 Thunderbird/3.1.16 |
Hi Petr,
* attackers on network are able to abuse the poor simulavr
I think, this is really a security problem. It's an open port for
somebody, which is able to connect to it and nobody can be sure, that
there is no possiblity to abuse it.
The first is: NOBODY SHOULD RUN SIMULAVR AS ROOT! No no, don't do it! :-)
But even if running as normal, unpriviledged user it's not secure. A
hint for me, to write a warning in documentation. To hold it in mind, if
you use simulavr as gdbserver!
So I am trying to allow launching simulavr by using GDB command
"target remote | simulavr.exe --something". (The existing ways will
remain available.)
This could be really a solution for the problem. If it works! Topics
are: it should run in Linux AND windows. (but maybe with 2 different
implementations for the connection), performance.
> This means that simulavr would not be able to process inputs from
> other TCP connections, e.g. fake terminal, the display thing (I do not
I'm not really sure, if this is possible in current simulavr. Because,
if running as gdb server the processing in simulavr depends completely
on commands from gdb. There is no asynchronous processing of whatever.
(my opinion) And anything else could end in a complete redesign of simulavr.
cu, Thomas