[Novalug] Gzip security hole?
Tux subscriber Dave Aronson
tux2dave at davearonson.com
Thu Sep 13 19:20:59 EDT 2007
John Franklin wrote:
> Pipes are an interesting target. Consider opening a pipe for an
> app (think: mysql-style /var/run pipes), unlinking the pipe, then
> creating a new one in its place. Voila, instant man-in-the-middle
> attack.
Yup. That's exactly why CAGE names the internal pipes after the child
half's pid, and deletes it immediately after both sides have opened it.
Sure, there's still a window of vulnerability, but it's pretty narrow.
(I think you were still around when I wrote CAGE. Did you get to hear
much about it? If not, I can forward you some presentation material I
wrote about it. STOP 7 makes its architecture obsolete tho.)
-Dave
--
Dave Aronson
"Specialization is for insects." -Heinlein
Work: http://www.davearonson.com/
Play: http://www.davearonson.net/
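
The open-then-unlink pattern described in the reply above, as an added example in C; it is not CAGE's code, which this message does not show. It also compares the two descriptors with fstat, so a path swapped in the window before the unlink is refused. The function name, the fifo.<pid> file layout and opening both ends from one process are assumptions made to keep it self-contained.

```c
/* Added example, not CAGE's code; names and paths are assumptions. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create dir/fifo.<child_pid>, open both ends, unlink the name, then check
 * that both descriptors are one FIFO owned by us. fds[0] reads, fds[1]
 * writes. Returns 0 on success, -1 (with nothing left open) otherwise. */
int open_private_fifo(const char *dir, pid_t child_pid, int fds[2])
{
    char path[256];
    struct stat r, w;
    int n = snprintf(path, sizeof path, "%s/fifo.%ld", dir, (long)child_pid);
    fds[0] = fds[1] = -1;
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    /* mkfifo fails with EEXIST on a taken name, so a planted file is never reused. */
    if (mkfifo(path, 0600) != 0)
        return -1;
    /* Non-blocking opens never hang: reader first, then the writer finds it. */
    fds[0] = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fds[0] >= 0)
        fds[1] = open(path, O_WRONLY | O_NONBLOCK | O_NOFOLLOW);
    unlink(path);            /* the name is no longer needed either way */
    if (fds[0] >= 0 && fds[1] >= 0 &&
        fstat(fds[0], &r) == 0 && fstat(fds[1], &w) == 0 &&
        S_ISFIFO(r.st_mode) && S_ISFIFO(w.st_mode) &&
        r.st_dev == w.st_dev && r.st_ino == w.st_ino &&
        r.st_uid == geteuid())
        return 0;            /* same object on both ends, and it is ours */
    if (fds[0] >= 0) close(fds[0]);
    if (fds[1] >= 0) close(fds[1]);
    fds[0] = fds[1] = -1;
    return -1;               /* open failed or the path was swapped: refuse it */
}

int main(void)
{
    char tmpl[] = "/tmp/fifo-demo-XXXXXX";  /* constructed scratch directory */
    int fds[2];
    if (!mkdtemp(tmpl) || open_private_fifo(tmpl, getpid(), fds) != 0)
        return 1;
    puts("both ends open, name already unlinked");
    return rmdir(tmpl) == 0 ? 0 : 1;
}
```

With separate parent and child processes, each side would run the same fstat checks on its own descriptor before trusting the pipe.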