On Wed, 21 Jan 2015, Andreas Gruenbacher wrote:> Not really. As a security requirement, if this even really is anyone's > security requirement, this is pointless -- the ErrCode is set to 0 ("NotStill, requirements like this d?o? exist in the real world, dismissing them is a, I quote, stupid idea. I?d suggest to please wake up. bye, //mirabilos (not speaking for his employer here) -- tarent solutions GmbH Rochusstra?e 2-4, D-53123 Bonn ? http://www.tarent.de/ Tel: +49 228 54881-393 ? Fax: +49 228 54881-235 HRB 5168 (AG Bonn) ? USt-ID (VAT): DE122264941 Gesch?ftsf?hrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
I'll play the security advocate.... So most of the people that implement tftp services have almost no idea how they work....and that's o.k. They do however have a few fundamental beliefs that they expect to be true, and it is those beliefs that they use to make decisions when implementing a service and it's data structures. If they are not true, then they are likely vulnerable to an attack. One of the things that has been held true for tftp, by many for a long time, is that it is a 'black box'. There is no ls utility for tftp. You can't get the list of files on the server. You can only ask for a file, and if the file exists and is accessible, then it is retrieved. If you could simply ask for all kinds of files that you didn't have access to, but *might exist*, an attacker could map out the file-system that the tftp service has access to and may find another chink in the armor along the way. I can't think of another way to directly exploit the difference between noent and no access, but if tftp is expected to be a "black box", then it should continue to behave like one.
On Wed, 21 Jan 2015, Don Cupp wrote:> I'll play the security advocate....Don?t? from a yahoo address? (SCNR) ;-) Anyway: the requirements for obscurity or even insecure pseudo-security d?o? exist, no matter the real impact of it, e.g. due to management, policy, compliance, etc. decisions. That was what I was pointing out. bye, //mirabilos -- tarent solutions GmbH Rochusstra?e 2-4, D-53123 Bonn ? http://www.tarent.de/ Tel: +49 228 54881-393 ? Fax: +49 228 54881-235 HRB 5168 (AG Bonn) ? USt-ID (VAT): DE122264941 Gesch?ftsf?hrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Possibly Parallel Threads
- PXE Error Reporting
- Deprecation of scp protocol and improving sftp client
- vesamenu back to text before booting
- vesamenu back to text before booting
- Why are the arguments supplied for the command run through ssh interpreted by shell before they are passed to the command on the server side?