>>>>> On Fri, 09 Dec 2005 11:08:44 +0000, Dave Shield <[EMAIL PROTECTED]> said:
Dave> But I'm uncertain how much information it's possible to convey Dave> within the name of a configuration token. That sort of detail Dave> really belongs in the documentation, IMO - i.e. the man page Dave> entry for 'snmptrapd.conf'. That'd make me feel better if people read the documentation. Most importantly, you're actually renaming the token because you don't *want* people to have to read the documentation to understand the old directive ;-) >> How about "acceptUnauthorizedNotifications" or something a >> bit more blatant that what they're doing may allow their machine >> to be taken over if they're also using traphandle scripts. Dave> Ummm... Dave> If I'm going to be writing this documentation, maybe it would Dave> be helpful if *I* were a little clearer about the dangers. Dave> Perhaps you could say something more about how a machine could Dave> be "taken over" from running a traphandle script with an unknown Dave> community string or user name? Because I just don't see it, ATM. traphandle's are used to trigger external processes. That likely means they may be expecting certain things and not other things in the notification and more importantly may be expecting values to behave to certain conditions. They're likely written poorly from a security perspective much of the time. They're also likely slow in general which means if someone can trigger a ton of them it'll increase the DoS possibilities even if nothing else malicious could be done. Consider any traphandle that ends up firing off a lot of other traffic in order to handle the notification. Dave> As I understand it, the traphandler will be invoked using the same Dave> user credentials as the running snmptrapd process, and won't Dave> depend on the user/community of the incoming trap. Indeed, I didn't Dave> think that this user/community information was even *passed* to the Dave> trap handler (though I could be wrong there). sure, but do you really want it to be run if I call: snmptrap -v 2c -c IAMEvil ... at you? Dave> Talking about a system being "taken over" feels suspiciously Dave> like scare tactics to me. I'm quite happy to accept that it's Dave> a real danger, but would appreciate a little more detail about Dave> exactly what is (and isn't) vulnerable. I'm expecting the type of code put into traphandles are quick scripts that aren't crafted from a security point of view where any old packet can trigger it. Authenticated and authorized packets are much more likely to conform to the processing rules the script will expect. -- Wes Hardaker Sparta, Inc. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
