Subject: Re: Policy questions
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 01/02/2004 14:37:26
[ On Friday, January 2, 2004 at 10:26:37 (-0500), John Hawkinson wrote: ]
> Subject: Re: Policy questions
>
> Unprivileged users should be able to do ad-hoc unencrypted file
> transfers without compromising their accounts, regardless of whether
> there's a "secure" local network.
> 
> (When I say "unprivileged users," I rule out NFS, or daemons that
> might not be configured on the machine, e.g. ftpd (probably insecure
> anyhow, unless you're using kerberos).)

Well, unless one assumes SSH is both installed and configured and running
in a usable fashion, and is also "good enough security", I don't think
that's possible, or even realistic.

As you know, trust and security don't just appear on their own out of
thin air.

You cannot expect to walk up to some machine and use it in a secure
fashion, even when you've been given the right (i.e. an account) to do
so.  If you're going to use someone else's computer in a trusted fashion
then you have to trust them to have configured and turned on something
like SSH, or HTTPS, etc., as well.

You also simply cannot expect to take new software "out of the box",
install it without configuring it, and achieve any degree of true system
security, particularly when networking over public networks is involved.

> When I've had this need, I end up kludging something with tar and
> netcat on both ends, but it's not very satisfactory, especially since
> netcat's semantics combine the idea of timeouts with exiting when the
> connection closes (i.e. "-w secs").

Unless you can securely confirm the integrity of that file transfer
(e.g. using a secure hash that you transmit out-of-band, which in effect
is a form of crypto, so doesn't really fit your scenario) then,
depending on what you're transferring, such a technique may very well
compromise your account (at least on the receiving end).  (Worst case
scenario might be some attacker in the right place at the right time who
knows what you're about to transfer is your archive of ~/.* files to set
up your account on the receiving end and they've prepared a MITM attack
to insert a trojan in your archive.)

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>
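The out-of-band integrity check Greg describes, as an added example that is not part of the original mail: the receiver refuses to unpack a tar archive that arrived over an unencrypted channel unless its SHA-256 digest matches one the sender supplied separately. The archive contents, the `dotfiles.tar` name and the copy standing in for `tar | nc` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original mail): fail-closed integrity check for an
# archive that travelled over an unencrypted channel, using a digest the sender
# passed out-of-band (read over the phone, pasted into a chat, etc.).

# Print the SHA-256 hex digest of a file, portable across GNU and BSD userlands.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare the received file against the out-of-band digest.  Returns 0 only on
# an exact match; any mismatch (tampering, truncation, wrong file) returns 1 and
# the caller must not unpack the archive.
verify_archive() {
    archive=$1; expected=$2
    actual=$(digest_of "$archive")
    [ "$actual" = "$expected" ]
}

# Demonstration on a constructed archive: the sender computes the digest, the
# file is "transferred" (a plain copy stands in for tar | nc), and a copy that
# was modified in transit is rejected.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/home"
    printf 'alias ls="ls -F"\n' > "$work/home/.profile"   # constructed dotfile
    ( cd "$work" && tar cf dotfiles.tar home )
    oob=$(digest_of "$work/dotfiles.tar")                  # sent out-of-band

    cp "$work/dotfiles.tar" "$work/received.tar"
    verify_archive "$work/received.tar" "$oob" || { rm -rf "$work"; return 1; }

    # Simulate the MITM case from the mail: bytes appended to the archive.
    cp "$work/dotfiles.tar" "$work/tampered.tar"
    printf 'injected' >> "$work/tampered.tar"
    if verify_archive "$work/tampered.tar" "$oob"; then
        rm -rf "$work"; return 1          # must never accept a modified file
    fi
    rm -rf "$work"
    return 0
}
```

Only after `verify_archive` succeeds should the receiver run `tar xf` on the file; a digest that travels over the same unauthenticated channel as the archive protects against nothing.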