Hi Dan,

On Tue 29 Oct 2013 13:59:30 CET, Dan Halbert wrote:

> Hi Mike, this fix to authenticate the commands is good. I didn't
> realize I was uncovering a security problem.
>
> One question: the underlying crash was due to bad data. If
> authenticated but still bad data is sent, will the client still
> crash? I am thinking about a malicious server crafting something to
> crash the client or have it do something bad. I looked at the code
> diff and I didn't see some underlying verification of the x2go
> commands.
>
> E.g.: X2GODATABEGIN:<good-uuidhash> bad data here X2GODATAEND:<good-uuidhash>

I would indeed call this work in progress. See #334 for the "bad data
here" location you address above.
We surely need a means to ensure that the data sent over the wire is
sane. An idea could be to encrypt/decrypt the data asymmetrically.
Maybe something else...
Hmmm...
I don't think that evaluating the data in itself (via regexp e.g.)
will lead to good results. We should invent a method that is common to
all sorts of text data and makes sure that the data is for the client
that requested it.
On the other hand... If you cannot trust your admin, who can you trust???
Any contribution of ideas is welcome.
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
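
The question raised in this thread, authenticated markers around data that may still be bad, as an added example (not part of the original e-mail and not X2Go project code). It checks both marker hashes against the one the client expects, applies checks common to any text payload, and turns every failure into one catchable error instead of a crash. The newline-separated layout, the size cap, the sample hash and all function names are assumptions.

```python
import hmac

BEGIN, END = "X2GODATABEGIN:", "X2GODATAEND:"
MAX_PAYLOAD = 64 * 1024  # assumed cap; the page gives no limit


class FrameError(ValueError):
    """Any frame that fails a check; callers catch this instead of crashing."""


def same_hash(got, expected):
    # Constant-time comparison of the marker hash with the one we expect.
    return hmac.compare_digest(got.encode(), expected.encode())


def extract_payload(raw, expected_hash):
    """Return the text between matching markers, or raise FrameError."""
    lines = raw.split("\n")
    try:
        start = next(i for i, l in enumerate(lines) if l.startswith(BEGIN))
        end = next(i for i, l in enumerate(lines)
                   if i > start and l.startswith(END))
    except StopIteration:
        raise FrameError("missing begin or end marker") from None
    if not (same_hash(lines[start][len(BEGIN):], expected_hash)
            and same_hash(lines[end][len(END):], expected_hash)):
        raise FrameError("marker hash does not match this session")
    body = "\n".join(lines[start + 1:end])
    # Checks that apply to any text payload, whatever command produced it.
    if len(body) > MAX_PAYLOAD:
        raise FrameError("payload too large")
    if any((ord(c) < 0x20 and c not in "\n\t") or c == "\x7f" for c in body):
        raise FrameError("control character in payload")
    return body


def try_extract(raw, expected_hash):
    """Caller-side pattern: (payload, None) on success, (None, reason) on reject."""
    try:
        return extract_payload(raw, expected_hash), None
    except FrameError as exc:
        return None, str(exc)


# Constructed sample values, not taken from a real session.
SESSION_HASH = "0f3c9a7e-constructed-example"
GOOD = f"noise\n{BEGIN}{SESSION_HASH}\nline one\nline two\n{END}{SESSION_HASH}\n"
```

These checks bound how a bad payload can fail; they do not establish that the payload's content is meaningful for the command that requested it.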