El Tue, Mar 28, 2006 at 08:07:42PM +0200, Bas Wijnen ens deleità amb les següents paraules: > On Tue, Mar 28, 2006 at 03:54:06PM +0200, Lluis wrote: >> But... a cap. to a network connection makes any non-TCB code untrusted, > > I think you mean unconfined, not untrusted.
err... I don't know the exact definition of both, but what I meant to say is that a networked (unconfined) non-TCB code can't be trusted... isn't this right? and any networked code would be unconfined, being it part of the TCB or not... well, not exactly, but... :) >> right? > > In general, yes, but in this case, no. The system accepts a connection from > the network. It then starts this confined program with access to the host > keys. It gives that program a capability to the user ssh server and to the > socket for the network connection. Both sides of the connection need to be > trusted (and they check this using some authentication mechenism such as > public key authentication). The "confined" program can then talk to the user > program, or the remote side, both of which are trusted. > > There are other problems when the program is taken over, though. First, the > user (and if you're unlucky, anyone) can retrieve the host keys by taking > over > the program. Second, the program can start sending plain-text stuff to the > network. The remote side will of course reject all this, but someone > sniffing > the network can still read it all. Actually, the remote side will likely not > reject it, because it is the one who took over the program. That is, it is a > system service, so it wasn't written to be malicious, so it can only do > malicious things if it is taken over while running. This is because a new > connection will get a new instance of the program, so taking over one ssh > connection does not give you access to any other connection. Is this still > understandable? crystal clear :) Regards, Lluis -- "And it's much the same thing with knowledge, for whenever you learn something new, the whole world becomes that much richer." -- The Princess of Pure Reason, as told by Norton Juster in The Phantom Tollbooth Listening: Symphony X (The Divine Wings Of Tragedy) - 03. _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
