Apps Messaging: security

Mark Taylor m.b.taylor at bristol.ac.uk
Tue Apr 10 05:49:23 PDT 2007


On Tue, 10 Apr 2007, John Taylor wrote:

>> actually that would be OK, and maybe tidier - we're vulnerable to brute 
>> force in any case (app.exec(secret-id,args="rm -r .")). We can just 
>> recommend that secret-ids ought to be hard to guess.
>
> I guess so - I was thinking that a brute force attack on the former allows 
> you to get a particular application, while in the latter the bad guy can't
> be sure which app you'll get.  I guess there's not much of a difference... 
> Anyway, all we're trying to do is stop one application spoofing another.  A 
> malicious application can still register legitimately and send a naughty 
> command.  I don't see any way of stopping that - if you're going to run dodgy 
> software it can execute "rm -r" on its own without our help!

This does a bit more than that - the malicious application can only
register if it knows hub-secret.  In the PLASTIC as it stands 
any process that can see the XML-RPC port can do that, and it may be 
running for a different user.  Admittedly you could solve that by
just passing hub-secret around with all calls, but you'd still want 
to have an application ID, and this effectively combines the two,
as well as formalising the question of whether it is permissible
to spoof.

-- 
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
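
The scheme discussed in this message, as an added sketch that is not part of the original post or of any PLASTIC implementation: registration requires hub-secret, and the secret-id handed back serves as both credential and application identity. The names Hub, register, sender_of and send are hypothetical, and how hub-secret reaches legitimate applications is assumed to be handled elsewhere.

```python
import hmac
import secrets


class AuthError(Exception):
    """Raised for a wrong hub-secret or an unknown secret-id."""


class Hub:
    def __init__(self):
        # hub-secret: only processes that know it may register at all.
        self.hub_secret = secrets.token_urlsafe(32)
        self._apps = {}  # secret-id -> application name

    def register(self, hub_secret, app_name):
        # Constant-time comparison so response timing does not leak the secret.
        if not hmac.compare_digest(hub_secret.encode(), self.hub_secret.encode()):
            raise AuthError("registration refused: bad hub-secret")
        # 256 random bits from the OS CSPRNG: "hard to guess" in practice.
        secret_id = secrets.token_urlsafe(32)
        self._apps[secret_id] = app_name
        return secret_id

    def sender_of(self, secret_id):
        # The hub derives the sender from the secret-id and never trusts a
        # caller-supplied application name, so one app cannot spoof another
        # without guessing that app's secret-id.
        for known, name in self._apps.items():
            if hmac.compare_digest(known.encode(), secret_id.encode()):
                return name
        raise AuthError("call refused: unknown secret-id")

    def send(self, secret_id, message):
        return {"from": self.sender_of(secret_id), "message": message}


if __name__ == "__main__":
    hub = Hub()
    viewer = hub.register(hub.hub_secret, "viewer")  # constructed sample app
    print(hub.send(viewer, "load table"))
    for attempt in (lambda: hub.register("guess", "rogue"),
                    lambda: hub.send("guess", "rm -r .")):
        try:
            attempt()
        except AuthError as exc:
            print(exc)
```
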


