Message-ID: <20020902163743.GH4878@blue.alter.pl>
Date: Mon, 2 Sep 2002 18:37:43 +0200
From: Radoslaw Stachowiak <radek@...er.pl>
To: owl-users@...ts.openwall.com
Subject: Re: [sOT] General security/permissions issues (long)

*** Michael Tokarev <mjt@....msk.ru> [Monday, 26.August.2002, 22:08 +0400]:
> There is another directory, bases/, where all av bases
> (*.vdb files for drwebd - virus signatures) are kept.
> This directory should be readable by drwebd - obviously -
> so that daemon can read its data.  But it should NOT
> be *writable* by daemon: if by any chance an attacker
> will have control over drweb daemon (a complex piece
> of software, closed source, yadda-yadda), he should NOT
> be able to mess with those.  For now, directory bases/
> and all files within is owned by root:root.

Just my 0.02$

It looks to me that a mistake in the assumption made above has 'created'
this rather complicated problem, while in fact it does not exist :)

Why?

Because those files (bases/) are for drwebd. Assuming that someone has
control over drwebd means that he can do whatever he wants. Read: he can
disable AV checks regardless of whether the bases/ files are good or
wrong. In other words: after a drwebd compromise, the bases/ files have
lost their value, so protecting them makes no sense.

So all these solutions do not prevent the attacker from achieving his
objectives (after a successful drwebd compromise).

This is based on my assumption (maybe wrong?) that bases/ files are
only used for drwebd.

Anyway (maybe I'm wrong about something else), the solution with two
separate connections is what I like.

-- 
radoslaw.stachowiak.........................................http://alter.pl/
