Message-ID: <20031013102953.GA8384@adamantix.org>
From: peter at adamantix.org (Peter Busser)
Subject: openssh exploit code?

Hello Security Snot,

> You probably enjoy the multiple levels of admitted "obscurity features" (check
> the Brad Spengler vs. OpenBSD Team threads just about anywhere, Theo's
> quotes on w^x being an "obscurity feature" to thwart attacks from lesser
> skilled attackers - since after all, the lesser skilled attackers are the
> real threat, right?).

Are you referring to the following discussion?

http://archives.neohapsis.com/archives/openbsd/2003-04/1678.html

I think you haven't thoroughly read the discussion. The obscurity features referred to in this case are the various address space layout randomisation (ASLR) features. ASLR is just one of the W^R features.

The ASLR is indeed an obscurity feature. It depends on the assumption that the attacker does not know the exact placement of the executable/libraries/stack/heap in memory. It is a public secret that secure systems do not exist and are not technically possible at this time. And that is just the technical side of the problem, there is also a social aspect to security, which is a whole different can of worms. As such, ASLR is not the final answer to security problems. It is just a way to raise the bar, and hope that no one is able to jump over it. Encryption is also an ``obscurity feature''. And encrypted passwords have been known to be crackable. Does that make encrypted passwords any less valuable? I don't think so.

The following message proves that at least it is effective against some attacks:

http://groups.google.com/groups?selm=20030525190037%2470c6%40gated-at.bofh.it

This is of course about PaX and not W^R, but the basic feature set is more or less similar (although PaX predates W^R, lest anyone starts accusing PaX people of copying features from OpenBSD).

> So yeah, FUD. If I told you there are still exploitable preauthentication
> bugs in OpenSSH, would that just be FUD too? FUD until the next advisory
> is published on that horribly designed codebase, FUD until the threat is
> demonstrated, right? Bet you'd like to see yourself eat your words, so
> you can generate a little more revenue with your security job. . .

There are probably tons of vulnerabilities in OpenSSH. It is after all a rather complicated piece of software. It is a public secret that complex software often contains serious bugs. So what exactly is your point? Why are you restating the obvious?

And when you talk about credibility, I think you are the one here who has a credibility problem. I mean, you shout about things you apparently do not fully understand. Take the ``obscurity feature'' above, you use one feature of a set of different features to dismiss the usefulness of the whole set. That is not really a logical thing to do. That is no problem, I mean, you don't have to feel ashamed about not understanding something complicated. You are certainly not alone, everyone has things he/she does not understand (I know I don't understand many things).

Groetjes,
Peter Busser
--
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/