Black, Michael wrote:

>You might try re-using the rather large effort that went into the CERT
>taxonomy:
>http://www.cert.org/research/taxonomy_988667.pdf
>
>You'll note the complete lack of "local" and "remote" in the taxonomy.
>

That pretty much tells me everything I need to know about whether I want to use that taxonomy :)

>Remote exploit of Bind (causing "rm -r /*" to be executed):
>Attack:
> Tool: User Command
> Vulnerability: Design
>

"Design"?!

>If you really want to stick with "remote" and "local" I think you can
>define them thusly:
>Remote -- control/access of resources occurs from outside the
>machine/network
>Local -- control/access of resources occurs on the local machine (i.e.
>no network connection required)
>

Ok, but I had no trouble with those definitions in the first place, and so far you have not captured the distinction Derek was asking about.

>Using this definition the email example is local and both bind examples
>are remote.

.. and any definition that classifies the e-mail example as "local" is just broken.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Director of Software Engineering, Novell http://novell.com