On 12.03.20 19:09, Christoph Anton Mitterer wrote:
On Wed, 2020-03-11 at 21:39 +0100, Thomas Koeller wrote:
IMO, the idea itself sounds not the best... one must assume that such
invoked programs are not written "safe"... and thus an attacker could
potentially cause the system to run such programs a huge number of
times.
As the anticipated action of the program is to blacklist hosts, this
would require some kind of DDOS attack, using a botnet or the like.
Maybe they take a while to finish (or in error case: do not finish a
all) thus causing DoS.
Not to talk about further complex scenarios where such invocation might
be used for analysis or other forms of attacks.
While it is certainly true that poorly written programs can do harm,
please keep in mind that the only way for an attacker to interact with
the spawned program is to cause it to run. He cannot influence what the
program does, so any problems it may cause are the writer's fault.
Thomas
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
