| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jul 2005 06:42:21 -0700 From: Crispin Cowan <crispin@...ell.com> To: "Black, Michael" <black@...exCorp.com> Cc: James Longstreet <jlongs2@....edu>, Derek Martin <code@...zashack.org>, bugtraq@...urityfocus.com Subject: Re: On classifying attacks Black, Michael wrote: >You might try re-using the rather large effort that went into the CERT >taxonomy: >http://www.cert.org/research/taxonomy_988667.pdf > >You'll note the complete lack of "local" and "remote" in the taxonomy. > That pretty much tells me everything I need to know about whether I want to use that taxonomy :) >Remote exploit of Bind (causing "rm -r /*" to be executed): >Attack: > Tool: User Command > Vulnerability: Design > "Design"?! >If you really want to stick with "remote" and "local" I think you can >define them thusly: >Remote -- control/access of resources occurs from outside the >machine/network >Local -- control/access of resources occurs on the local machine (i.e. >no network connection required) > Ok, but I had no trouble with those definitions in the first place, and so far you have not captured the distinction Derek was asking about. >Using this definition the email example is local and both bind examples >are remote. .. and any definition that classifies the e-mail example as "local" is just broken. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Director of Software Engineering, Novell http://novell.com
Powered by blists - more mailing lists