Bugtraq mailing list archives

Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve


From: alecm () COYOTE UK SUN COM (Alec Muffett)
Date: Wed, 19 Apr 2000 11:20:53 +0100


Such a database is all good and fine, but it inherently has at
least one weakness: an attacker can install an old, but genuine
Sun binary with a security hole in it.

If you did a post mortem and found such a file, would you say
"I must have forgotten to update that file" or would you say
"There is something rotten in the State of Denmark"?

Well, let's be frank, there are even more creative theoretical attacks
on such a database-based checking system, involving subtle trojan horses
which could hide "naughty" files from readdir() by kernel patching, or
something similar that would read() one file's contents when MD5 is
hashing it, but exec() some other chunk of binary data entirely...

We think that the SFPdb is a step in the right direction; and yes, it
is precisely because of the above possibilities that we're considering
carefully what'd be the "right thing to do" in terms of extending the
service by providing it in more popular/flexible formats.

(Nevertheless, your database is obviously much better than having
nothing at all.)

That was our take on it, too.

        - alec
          (CGI guy and ideas geek, SFPdb project)

--
     alec muffett - sun professional services - alec.muffett @ uk.sun.com
              [your free random numbers for today are: 25661 29]
            everybody wants a rock to wind a piece of string around
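
The distinction raised in the message above, between a file the database does not know and one that is genuine but old, as an added example that is not part of the original post or of sfpDB: a checker that also consults the revision the host's own patch records claim. The file contents, path, revision numbers and the `classify` helper are constructed for illustration.

```python
import hashlib

# Constructed sample data: stand-ins for two genuine vendor builds of one file.
OLD_LS = b"ls build, revision 1 (constructed; assume it has a known hole)"
NEW_LS = b"ls build, revision 2 (constructed; hole fixed)"


def md5_hex(data: bytes) -> str:
    """MD5 digest as hex, the fingerprint type the message mentions."""
    return hashlib.md5(data).hexdigest()


# Hypothetical fingerprint database: digest -> file path and shipping revision.
FINGERPRINTS = {
    md5_hex(OLD_LS): {"path": "/usr/bin/ls", "revision": 1},
    md5_hex(NEW_LS): {"path": "/usr/bin/ls", "revision": 2},
}


def latest_revision(path: str) -> int:
    """Highest revision the database knows for this path."""
    return max(r["revision"] for r in FINGERPRINTS.values() if r["path"] == path)


def classify(path: str, data: bytes, recorded_revision: int) -> str:
    """Classify a file given the revision the host's patch records claim.

    A digest match alone only proves the bytes were once shipped by the
    vendor. Comparing against the host's patch history separates
    "forgot to update" from "someone put an old build back".
    """
    rec = FINGERPRINTS.get(md5_hex(data))
    if rec is None:
        return "UNKNOWN"        # not a vendor build at all
    if rec["path"] != path:
        return "MISPLACED"      # genuine bytes, but installed under another name
    if rec["revision"] == latest_revision(path):
        return "CURRENT"
    if recorded_revision > rec["revision"]:
        return "DOWNGRADED"     # host was patched past this build: investigate
    return "UNPATCHED"          # host never recorded the newer build


if __name__ == "__main__":
    for label, data, recorded in [("old, never patched", OLD_LS, 1),
                                  ("old, patch recorded", OLD_LS, 2),
                                  ("new", NEW_LS, 2)]:
        print(label, "->", classify("/usr/bin/ls", data, recorded))
```

The check trusts what the running system returns when the file is read, so it does not address the kernel-level tampering the message describes.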


