Unix Programming - Re: c printf/variables content visible in compiled binary. How to

This is Interesting: Free IT Magazines  
Home > Archive > Unix Programming > November 2007 > Re: c printf/variables content visible in compiled binary. How to





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: c printf/variables content visible in compiled binary. How to
David Schwartz

2007-11-28, 7:34 pm

On Nov 28, 1:29 pm, Benoit Lefebvre <benoit.lefeb...@gmail.com> wrote:

> It's an RSA ssh key.
>
> My script is calling ssh to do some check on a list of remote systems
> and I don't want the rsa key available on the filesystem or to any
> user.
>
> So my program create a temporary file and use it as the public key for
> the ssh connection. Once it's done it erases the file.
>
> --Ben

Since the user of the script is authorized to perform that command,
and the RSA ssh key can only be used to perform that command (right?
otherwise, fix that first!) there is no harm in allowing anyone
authorized to use the script to see the key.

Fundamentally, the solution is to split the program into two parts, a
client and a server. The client only sends requests to the server and
the server only performs requests the client is authorized to issue.
The user has no access to the server and so can't compromise it. You
already have this, you just need to lock down the server so it will
only perform authorized operations. Then it won't matter if the user
sees what's in the client.

DS
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com