Re: On why debugging OpenSSH can be so hard



Salut, Maurice Volaski,

On Fri, 4 Jul 2008 13:00:14 -0400, Maurice Volaski wrote:
IMHO, you have it backwards. It is the improper error messages that
can pose a security risk. If my OpenSSH program is either
misconfigured or malfunctiong, and it may be exposing my systems to
something nefarious, then how am I to efficiently debug it and get to
the bottom of that if I have to contend with its throwing roadblocks
in my face?

If you followed the history of security problems of the non-portable
OpenSSH/OpenSSL series of the past few years, you will notice that a
lot of the problems unleashed were actual oracles and not typical
programming errors like buffer overflows or the likes, but a lot of
timing attacks or similar information disclosure vulnerabilities.

In some case adding what people are looking for would make for a
perfect oracle (e.g. "The key hash was invalid!" or other reasons why a
cryptographic operation failed), or in some cases the developers simply
got too much used to this non-disclosing programming style.

Either way it's not really easy to find the correct balance.

This is not nuance by any means. It's just poor programming practice.

I disagree.

Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33 Güterstrasse 86
Fax:+41 61 383 14 67 4053 Basel
Web:www.sygroup.ch tonnerre.lombard@xxxxxxxxxx

Attachment: signature.asc
Description: PGP signature