Re: Documentation server security issues
In article <[🔎] 199707071945.WAA11339@isil.lloke.dna.fi> you wrote:
: Bernd Eckenfels wrote:
: >On Jul 7, Riku Saikkonen wrote
: >> An HTTP server listening on any TCP port is not secure, even
: >> if you configure it to only allow accesses from the local host.
: >You can bind on 127.0.0.1, which is then fairly secure.
: Sorry, but it doesn't help much (as I said later on in the same message).
: If there's a security hole in the HTTP server, it is trivial to create a
: WWW page that, when accessed (with almost any browser), will have the
: browser create a connection to localhost and exploit the security hole.
: The connection comes from the browser, and thus from 127.0.0.1, so binding
: there doesn't help.
You cannot generate that page since you cannot access the system. There is no way for you to
exploit the security hole unless you have an alternate way of accessing the system. Those
alternate ways (may be telnet access) is much more dangerous than web-access.
: (the triviality is to include include in the malicious WWW page an
: <IMG SRC="http://localhost/security-exploit-here";>
: (and/or an <A HREF> with the same URL and text such as "click here for more
: information" for browsers that don't autoload images) in the WWW page; or
: include an innocent-looking URL that leads to a redirect to the bad URL,
: if you want to do some more hiding)
: --
: -=- Rjs -=- rjs@spider.compart.fi, rjs@lloke.dna.fi
: --
: TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
: debian-devel-request@lists.debian.org .
: Trouble? e-mail to templin@bucknell.edu .
--
--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
Please always CC me when replying to posts on mailing lists.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: