Date: Fri, 1 Jun 2001 14:19:16 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "Peter C. Lai" <sirmoo@cowbert.2y.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601141916.A88206@xor.obsecurity.org>
In-Reply-To: <00cc01c0eaa2$30bd7ca0$8caa6389@resnet.uconn.edu>; from sirmoo@cowbert.2y.net on Fri, Jun 01, 2001 at 09:53:08AM -0400
References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <Pine.BSF.4.31.0105311621290.52261-100000@localhost> <20010601013041.A32818@area51.dk> <3B16D9C8.2F6CE52E@ursine.com> <00cc01c0eaa2$30bd7ca0$8caa6389@resnet.uconn.edu>

On Fri, Jun 01, 2001 at 09:53:08AM -0400, Peter C. Lai wrote:

> usually on untrusted systems (such as a public terminal), I ssh via
> mindterm's java ssh client which is stored on the system that I access. It
> only uses SSH1 (because they haven't written an SSH2 client yet). The java
> applet version I'm using is unsigned, and therefore should run in its own
> sandbox wrt to the java runtime that I am using. Barring a trojaned java
> runtime that records all keystrokes, how else is using a trusted client
> stored on a trusted machine from an untrusted terminal dangerous?

So many ways... another process running as you can monitor/intercept/modify the operation of the JVM because there's no protection against doing that under UNIX (the protection only exists between different processes running as different users); the kernel, or another process can record keystrokes (I don't know if mindterm is a text-based client or GUI, but it doesn't matter); the client can be trojaned without your knowledge (how did you KNOW it's "trusted"?), etc.

You should just accept the fact that it's not possible to run trusted software in an untrusted environment, and if the system wants to compromise your software badly enough they can. There have been some interesting mathematical steps in this direction (involving computing of a certain class of functions which are "encrypted" but in an isomorphic form, where the desired computation commutes with the operation of encryption so the untrusted system can perform the computation without knowing what it's doing) -- but nothing remotely usable.

Kris