From: Stephan von Krawczynski <skraw@ithnet.com>
To: Jesse Pollard <jesse@cats-chateau.net>
Cc: herbert@13thfloor.at, beepy@netapp.com, aebr@win.tue.nl,
linux-kernel@vger.kernel.org
Subject: Re: FS: hardlinks on directories
Date: Tue, 5 Aug 2003 02:06:04 +0200 [thread overview]
Message-ID: <20030805020604.62be10e6.skraw@ithnet.com> (raw)
In-Reply-To: <03080416381704.04444@tabby>
On Mon, 4 Aug 2003 16:38:17 -0500
Jesse Pollard <jesse@cats-chateau.net> wrote:
> On Monday 04 August 2003 11:35, Stephan von Krawczynski wrote:
> > On Mon, 4 Aug 2003 18:16:57 +0200
> [...]
> Don't do that. It is too insecure.
>
> 1. the structure you describe is FRAGILE. Just adding one more entry
> could/would break the entire structure.
>
> 2. If you mix security structures like this you WILL get a problem.
>
> What you do is copy the declassified data to a nonsecure area (also known
> as released data). This way the user can modify internal cata without
> causing the web server potentially catastrophic releases.
>
> Same with the SQL. Do not attmept to mix sensitive and nonsensitive data
> this way.
Your just kidding, don't you?
Definition of "problem" here is: service got corrupted. It is really of
_no_ interest if the data that was corrupted is "sensitive" or "nonsensitive",
because the only cure in both versions is rewriting from scratch (and dumping
the server of course).
So your possible downtime is just as big in both ways. And nothing else counts.
> If you web server got hacked, how do you prevent the hack from ADDING
> more links? Or adding SQL injections to other applications...
I don't, because it is simply impossible. If you are root on a webserver
everything is lost, no matter if your data is local or nfs-mounted you can
delete, relink or whatever you like at will.
The only thing you _can't_ do is access data that is not exported to your
hacked system. And that's exactly what I am trying to do: don't give any more
data away than absolutely necessary.
Regards,
Stephan
next prev parent reply other threads:[~2003-08-05 0:06 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-04 12:15 FS: hardlinks on directories Stephan von Krawczynski
2003-08-04 12:45 ` Måns Rullgård
2003-08-04 13:22 ` Stephan von Krawczynski
2003-08-04 13:37 ` Christian Reichert
2003-08-04 13:44 ` Stephan von Krawczynski
2003-08-04 14:22 ` Christian Reichert
2003-08-04 15:31 ` Jeff Muizelaar
2003-08-04 16:15 ` Stephan von Krawczynski
2003-08-05 2:45 ` Neil Brown
2003-08-05 9:41 ` Stephan von Krawczynski
2003-08-06 1:12 ` Neil Brown
2003-08-06 10:14 ` Stephan von Krawczynski
2003-08-07 2:27 ` Neil Brown
2003-08-04 12:47 ` Nikita Danilov
2003-08-04 13:32 ` Stephan von Krawczynski
2003-08-04 13:44 ` Andries Brouwer
2003-08-04 13:56 ` Stephan von Krawczynski
2003-08-04 14:04 ` Anton Altaparmakov
2003-08-04 14:50 ` Stephan von Krawczynski
2003-08-04 20:03 ` Olivier Galibert
2003-08-04 21:16 ` Jesse Pollard
2003-08-04 23:34 ` Stephan von Krawczynski
2003-08-05 14:20 ` Jesse Pollard
2003-08-05 14:44 ` Stephan von Krawczynski
2003-08-04 22:58 ` Andrew Pimlott
2003-08-05 0:19 ` Stephan von Krawczynski
2003-08-05 1:18 ` Andrew Pimlott
2003-08-05 8:04 ` Stephan von Krawczynski
2003-08-05 11:18 ` Wakko Warner
2003-08-04 14:33 ` Jesse Pollard
2003-08-04 15:05 ` Stephan von Krawczynski
2003-08-04 15:57 ` Richard B. Johnson
2003-08-04 21:23 ` Jesse Pollard
2003-08-04 16:11 ` Adam Sampson
2003-08-04 17:00 ` Hans Reiser
2003-08-04 17:18 ` Sean Neakums
2003-08-05 4:53 ` jw schultz
2003-08-04 18:50 ` jlnance
2003-08-04 21:09 ` Jesse Pollard
2003-08-04 22:13 ` Stephan von Krawczynski
2003-08-04 22:32 ` Stephan von Krawczynski
2003-08-04 23:00 ` Randolph Bentson
2003-08-05 0:10 ` Stephan von Krawczynski
2003-08-05 2:09 ` Edgar Toernig
2003-08-05 8:05 ` Stephan von Krawczynski
2003-08-05 12:51 ` Helge Hafting
2003-08-05 13:03 ` Stephan von Krawczynski
2003-08-05 13:13 ` Bernd Petrovitsch
2003-08-05 13:39 ` Stephan von Krawczynski
2003-08-05 13:36 ` Richard B. Johnson
2003-08-05 14:04 ` Stephan von Krawczynski
2003-08-05 14:57 ` Richard B. Johnson
2003-08-05 15:08 ` Stephan von Krawczynski
2003-08-05 15:02 ` Jesse Pollard
2003-08-05 15:12 ` Stephan von Krawczynski
2003-08-05 15:44 ` Trond Myklebust
2003-08-05 14:56 ` Jesse Pollard
2003-08-05 22:08 ` Helge Hafting
2003-08-24 17:35 ` Hans Reiser
2003-08-24 19:02 ` Helge Hafting
2003-08-25 8:27 ` Nikita Danilov
2003-08-25 15:48 ` Hans Reiser
2003-08-05 14:12 ` Jesse Pollard
2003-08-05 14:21 ` Stephan von Krawczynski
2003-08-05 15:53 ` Herbert Pötzl
2003-08-04 20:47 ` Jan Harkes
2003-08-04 15:42 ` Brian Pawlowski
2003-08-04 15:56 ` Stephan von Krawczynski
2003-08-04 16:16 ` Herbert Pötzl
2003-08-04 16:35 ` Stephan von Krawczynski
2003-08-04 16:54 ` Herbert Pötzl
2003-08-04 17:18 ` Stephan von Krawczynski
2003-08-04 17:25 ` Herbert Pötzl
2003-08-04 21:38 ` Jesse Pollard
2003-08-05 0:06 ` Stephan von Krawczynski [this message]
2003-08-05 3:11 ` Neil Brown
2003-08-04 21:29 ` Jesse Pollard
2003-08-04 23:42 ` Stephan von Krawczynski
2003-08-05 16:46 ` viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030805020604.62be10e6.skraw@ithnet.com \
--to=skraw@ithnet.com \
--cc=aebr@win.tue.nl \
--cc=beepy@netapp.com \
--cc=herbert@13thfloor.at \
--cc=jesse@cats-chateau.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox