Re: On why debugging OpenSSH can be so hard

Salut, Maurice Volaski,

On Fri, 4 Jul 2008 13:00:14 -0400, Maurice Volaski wrote:
> IMHO, you have it backwards. It is the improper error messages that 
> can pose a security risk. If my OpenSSH program is either 
> misconfigured or malfunctiong, and it may be exposing my systems to 
> something nefarious, then how am I to efficiently debug it and get to 
> the bottom of that if I have to contend with its throwing roadblocks 
> in my face?

If you followed the history of security problems of the non-portable
OpenSSH/OpenSSL series of the past few years, you will notice that a
lot of the problems unleashed were actual oracles and not typical
programming errors like buffer overflows or the likes, but a lot of
timing attacks or similar information disclosure vulnerabilities.

In some case adding what people are looking for would make for a
perfect oracle (e.g. "The key hash was invalid!" or other reasons why a
cryptographic operation failed), or in some cases the developers simply
got too much used to this non-disclosing programming style.

Either way it's not really easy to find the correct balance.

> This is not nuance by any means. It's just poor programming practice.

I disagree.

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33            Güterstrasse 86
Fax:+41 61 383 14 67            4053 Basel
Web:www.sygroup.ch              tonnerre.lombard@sygroup.ch

signature.asc
Description: PGP signature