Hello, Maurice Volaski,

On Fri, 4 Jul 2008 13:00:14 -0400, Maurice Volaski wrote:
> IMHO, you have it backwards. It is the improper error messages that
> can pose a security risk. If my OpenSSH program is either
> misconfigured or malfunctioning, and it may be exposing my systems to
> something nefarious, then how am I to efficiently debug it and get to
> the bottom of that if I have to contend with its throwing roadblocks
> in my face?

If you followed the history of security problems of the non-portable
OpenSSH/OpenSSL series of the past few years, you will notice that a lot
of the problems unleashed were actual oracles and not typical
programming errors like buffer overflows or the like, but a lot of
timing attacks or similar information disclosure vulnerabilities.

In some cases adding what people are looking for would make for a perfect
oracle (e.g. "The key hash was invalid!" or other reasons why a
cryptographic operation failed), or in some cases the developers simply
got too used to this non-disclosing programming style.

Either way it's not really easy to find the correct balance.

> This is not nuance by any means. It's just poor programming practice.

I disagree.

				Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33		Güterstrasse 86
Fax:+41 61 383 14 67		4053 Basel
Web:www.sygroup.ch		tonnerre.lombard@xxxxxxxxxx
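The trade-off debated in this message, as an added example that is not part of the original post and is not OpenSSH code: a verifier that tells the remote peer which cryptographic check failed, beside one that gives the peer a single generic reply and writes the specific reason to a local log for the administrator. The packet format, key, logger name and function names are constructed for illustration.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("authd")   # operator-side log; the name is an assumption
KEY = b"constructed-demo-key"      # constructed sample key
TAG_LEN = 32                       # HMAC-SHA256 output size

def make_packet(payload, key=KEY):
    """Constructed toy format: 1-byte length | payload | HMAC-SHA256 tag."""
    body = bytes([len(payload)]) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def failure_reason(packet, key=KEY):
    """Return None for a valid packet, otherwise the specific reason."""
    if len(packet) < 1 + TAG_LEN:
        return "truncated packet"
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison, checked before any parsing of the body.
    if not hmac.compare_digest(tag, expected):
        return "MAC invalid"
    if body[0] != len(body) - 1:
        return "length field mismatch"
    return None

def verify_verbose(packet, key=KEY):
    """Weak variant: the remote peer is told which check failed."""
    reason = failure_reason(packet, key)
    return (reason is None, reason or "ok")

def verify_uniform(packet, key=KEY):
    """Hardened variant: one generic reply to the peer, detail kept local."""
    reason = failure_reason(packet, key)
    if reason is None:
        return (True, "ok")
    log.warning("packet rejected: %s", reason)  # visible to the admin only
    return (False, "authentication failed")

if __name__ == "__main__":
    good = make_packet(b"hello")
    tampered = good[:-1] + bytes([good[-1] ^ 1])
    for name, pkt in [("good", good), ("tampered", tampered), ("short", good[:10])]:
        print(name, verify_verbose(pkt), verify_uniform(pkt))
```

The administrator still sees the exact failure in the local log, while every rejected packet looks the same from the network side.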