On 14.01.2018 20:06, Tomas Vanek via OpenOCD-devel wrote: > On 14.01.2018 18:01, Christopher Head wrote: >> none of the above attacks would work if you had to, say, type a >> password before OpenOCD would accept your Telnet (or GDB, or TCL, or >> …) session. > If OpenOCD would require a password it also needs a safe channel to > transfer it. Drop telnet and use a ssh library instead? It would be enough if a fixed password was set on the OpenOCD commandline or in some config file - all scenarios so far assume that the attacker does not already have access to the local filesystem, so he would not know the password - while the user who started OpenOCD would.
cu Michael ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenOCD-devel mailing list OpenOCD-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openocd-devel
