From owner-freebsd-security  Fri Jun  1  7:25: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.yadt.co.uk (yadt.demon.co.uk [158.152.4.134])
	by hub.freebsd.org (Postfix) with SMTP id D3A2037B50D
	for <security@FreeBSD.org>; Fri,  1 Jun 2001 07:24:50 -0700 (PDT)
	(envelope-from davidt@yadt.co.uk)
Received: (qmail 65033 invoked from network); 1 Jun 2001 14:24:33 -0000
Received: from gattaca.local.yadt.co.uk (HELO mail.gattaca.yadt.co.uk) (qmailr@10.0.0.2)
  by xfiles.yadt.co.uk with SMTP; 1 Jun 2001 14:24:33 -0000
Received: (qmail 2421 invoked by uid 1000); 1 Jun 2001 14:24:48 -0000
Date: Fri, 1 Jun 2001 15:24:48 +0100
From: David Taylor <davidt@yadt.co.uk>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: security@FreeBSD.org
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601152448.A1982@gattaca.yadt.co.uk>
Mail-Followup-To: "Karsten W. Rohrbach" <karsten@rohrbach.de>,
	security@FreeBSD.org
References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <3B16E7D9.3E9B78FF@globalstar.com> <20010531183732.B12216@xor.obsecurity.org> <3B16F492.128CB8B0@globalstar.com> <20010531191001.A12808@xor.obsecurity.org> <3B16FD12.B1F251C8@globalstar.com> <20010531193555.A13334@xor.obsecurity.org> <20010601161951.F10477@mail.webmonster.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010601161951.F10477@mail.webmonster.de>; from karsten@rohrbach.de on Fri, Jun 01, 2001 at 16:19:51 +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 01 Jun 2001, Karsten W. Rohrbach wrote:
> this does not lead to a big tragedy since the agent protocol is
> challenge-response. a challenge is sent by the remote peer, the agent
> signs it using the local identity and send the response back to the
> remote peer. the remote side checks the signed response against the
> public key and if it matches c'est ca. if this way of authentication
> has to be considered dangerous, public key crypto is, since you could
> not give away you public key, then ;-) the private key is never ever
> presented to an entity on a remote system.
> 

public key crypto _would_ be dangerous if you automatically signed anything
an untrusted remote host threw at you.

Now, if ssh-agent were to ask you if it should sign the challenge each time,
that'd help.  But if the remote ssh binary is trojaned, it could be designed
to inject arbitrary commands into your session, so it wouldn't help very
much.

If you're allowing an untrusted machine to make a connection to another
machine, its insecure, basically.

-- 
David Taylor
davidt@yadt.co.uk

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message