Re: On why debugging OpenSSH can be so hard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jul 4, 2008, at 10:00 AM, Maurice Volaski wrote:

Please bear in mind that in the world of cryptography, the difference
between proper error messages and information disclosure
vulnerabilities is narrow, or only a nuance.

IMHO, you have it backwards. It is the improper error messages that can pose a security risk. If my OpenSSH program is either misconfigured or malfunctiong, and it may be exposing my systems to something nefarious, then how am I to efficiently debug it

That's why it fails at that point.

-b


[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux