On 2009/11/25 16:19, Joep Vesseur wrote:
> Interesting case... At first I thought it was April 1st already, but I guess
> we'll see more tools like this appearing as familiarity cases (NFS-shell
> anyone?)
>   
Huh... nmap(1) is also such an interesting case. Whilst such kinds of 
tools could potentially have a security impact on the network or systems 
connected, we're more intent on leveraging their merits, e.g. diagnosing 
system vulnerabilities and troubleshooting network problems, et al.

FWIW yersinia was identified as a good packet generation tool for 
PSARC/2009/436 Anti-spoofing Link Protection, so the major motivation to 
include this tool is to test the link protection against layer 2 attacks.
> I realize that any user can install this software by downloading and
> compiling, but I'm left with two questions when it's present out of the box:
>
>  - what privileges are needed by this software? 
It only needs the net_rawaccess privilege. The net_rawaccess privilege 
for command /usr/bin/yersina would be present in RBAC's exec_attr(4) out 
of the box.
> Can any regular user run this
>    and, perhaps accidentally, create havoc on the networks he's connected to?
>    I guess it would be nice if only users with "Network Security" or another
>    suitable profile were able to use this program.
>   
I agree a profile could be more suitable in this case, but "Network 
Security" may not be sufficient for the net_rawaccess privilege. And I 
cannot find a more suitable profile for its usage after probing around. 
I am wondering whether it is required to create a new profile, since this tool 
only relies on one privilege?

>  - The FOSS document states that there are no network services provided by
>    this software and no authentication performed. The man-page however
>    mentions a daemon mode that offers a Cisco-like CLI that people can use
>    to monitor and launch attacks from. Who can start this daemon and how is
>    access to the daemon controlled?
>
>   
Due to time and resource constraints, this project would not enable the 
daemon mode for remote administration. A future case may make yersinia 
more secure and centrally controlled, i.e. as a standalone SMF service, 
but its main usage right now is to include it as a plain CLI utility 
that can diagnose network problems, not a malicious daemon that could 
impose security attacks on hosts and networks.


Thanks,
Siwei
> Joep
>   


-- 
Thanks,
Siwei
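
An added example, not part of the original message or of the yersinia
package: a small audit over exec_attr(4)-style entries that lists which
profiles would confer net_rawaccess on a command, which is the question
the thread raises. All entries and profile names are constructed; the
command path is the one written in the message, and treating uid/euid 0
as conferring the privilege is an assumption of this sketch.

```python
# Added example: audit exec_attr(4)-style entries for net_rawaccess grants.
# Entry layout: name:policy:type:res1:res2:id:attr
# All entries below are constructed; profile names are hypothetical.
SAMPLE_EXEC_ATTR = """\
# constructed sample
Example L2 Testing:solaris:cmd:::/usr/bin/yersina:privs=net_rawaccess
Example Packet Capture:solaris:cmd:::/usr/sbin/example-capture:privs=net_observability
Example Legacy Admin:suser:cmd:::/usr/sbin/example-tool:euid=0
Example Wide Profile:solaris:cmd:::/usr/sbin/example-diag:uid=0;privs=all
broken line without enough fields
"""


def parse_exec_attr(text):
    """Return one dict per well-formed entry; skip comments and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            continue
        name, policy, _type, _res1, _res2, cmd, attr = fields
        # attr is a ';'-separated list of key=value pairs (privs, uid, euid, ...)
        attrs = dict(kv.split("=", 1) for kv in attr.split(";") if "=" in kv)
        privs = {p.strip() for p in attrs.get("privs", "").split(",") if p.strip()}
        entries.append({"profile": name, "policy": policy, "cmd": cmd,
                        "attrs": attrs, "privs": privs})
    return entries


def grants(entries, privilege="net_rawaccess"):
    """List (profile, command, reason) for entries that confer the privilege."""
    found = []
    for e in entries:
        if privilege in e["privs"]:
            reason = "explicit"
        elif "all" in e["privs"]:
            reason = "privs=all"
        elif "0" in (e["attrs"].get("uid"), e["attrs"].get("euid")):
            reason = "runs as uid 0"  # assumption: treated as root-equivalent
        else:
            continue
        found.append((e["profile"], e["cmd"], reason))
    return found


if __name__ == "__main__":
    for profile, cmd, reason in grants(parse_exec_attr(SAMPLE_EXEC_ATTR)):
        print(f"{profile}: {cmd} ({reason})")
```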