On Thu, 27 Jun 2002, Linas Vepstas wrote:
> If properly configured, such a theoretical hack would still prevent
> the hacker from getting at the private keys, changing (or even reading)
> ipsec.conf, or other files on the compromised system (such as the
> password file, or changing the dns entries).
the password file, the dns entries, it's all peanuts if you already
have the only real treassure on the box, the ipsec.secrets. Why would
you want root access on a firewall box, if not only to sniff plaintext,
and setup your own connection to the inside? For both, only the secrets
are needed, and the rest is better left undisturbed anyway so you can
enjoy your secrets longer before discovery.
And I guess pluto, which needs to read ipsec.secrets, is your only
possible way in, since that's the only thing talking to untrusted outside
world. At most you could restrict pluto to spawn a child and pass along
the secret for a single connection in the child, but that wouldn't buy you
much.
But I'm not a pluto expert at all, so I might be wrong :)
Paul
--"Movie scripts no longer write, George Lucas shall"
_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST