On January 14, 2018 11:06:04 AM PST, Tomas Vanek via OpenOCD-devel <openocd-devel@lists.sourceforge.net> wrote:
> If OpenOCD would require a password it also needs a safe channel to
> transfer it. Drop telnet and use a ssh library instead?

Randomly generate it and print it to stdout at startup? Put it in the config file? Neither of those is vulnerable. Neither one handles GDB though.

SSH doesn’t really solve the problem, actually: it would prevent packet sniffing (which can’t happen on localhost anyway, at least not without elevated privileges) but you would still need either a password or a key to authenticate the remote peer.

I was really just trying to point out how this is a big problem which may be impractical to solve (especially the GDB remote, since the protocol is fixed).

Would it be possible to replace all transports with named pipes? They can all work over pipes, but only stdio AFAIK, and there are too many interfaces to handle them all that way (especially with multiple taps).

--
Christopher Head