|
Bugtraq
mailing list archives
Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve
From: alecm () COYOTE UK SUN COM (Alec Muffett)
Date: Wed, 19 Apr 2000 11:20:53 +0100
Such a database is all good and fine, but it inheritly has at
least one weakness: an attacker can install an old, but genuine
Sun binary with a security hole in it.
If you did a post mortem and found such a file, would you say
"I must have forgotten to update that file" or would you say
"There is something rotten in the State of Denmark"?
Well, let's be frank, there are even more creative theoretical attacks
on such a database-based checking system, involving subtle trojan horses
which could hide "naughty" files from readdir() by kernel patching, or
something similar that would read() one file's contents when MD5 is
hashing it, but exec() some other chunk of binary data entirely...
We think that the SFPdb is a step in the right direction; and yes, it
is precisely because of the above possibilities that we're considering
carefully what'd be the "right thing to do" in terms of extending the
service by providing it in more popular/flexible formats.
(Nevertheless, your database is obviously much better than having
nothing at all.)
That was our take on it, too.
- alec
(CGI guy and ideas geek, SFPdb project)
--
alec muffett - sun professional services - alec.muffett @ uk.sun.com
[your free random numbers for today are: 25661 29]
everybody wants a rock to wind a piece of string around
 By Date 
By Thread
Current thread:
| 
Intro
