On 2009/11/25 16:19, Joep Vesseur wrote:
> Interesting case... At first I thought it was April 1st already, but I guess
> we'll see more tools like this appearing as familiarity cases (NFS-shell
> anyone?)
>

Huh... nmap(1) is also such an interesting case. Whilst this kind of tool could potentially have a security impact on the network or the systems connected to it, we are more intent on leveraging its merits, e.g. diagnosing system vulnerabilities and troubleshooting network problems, et al.

FWIW yersinia was identified as a good packet generation tool for PSARC/2009/436 Anti-spoofing Link Protection, so the major motivation to include this tool is to test the link protection against layer 2 attacks.

> I realize that any user can install this software by downloading and
> compiling, but I'm left with two questions when it's present out of the box:
>
> - what privileges are needed by this software?

It only needs the net_rawaccess privilege. The net_rawaccess privilege for the command /usr/bin/yersinia would be present in RBAC's exec_attr(4) out of the box.

> Can any regular user run this
> and, perhaps accidentally, create havoc on the networks he's connected to?
> I guess it would be nice if only users with "Network Security" or another
> suitable profile were able to use this program.
>

I agree a profile could be more suitable in this case, but "Network Security" may not be sufficient for the net_rawaccess privilege. And I could not find a more suitable profile for its usage after probing around. I am wondering whether it is required to create a new profile, since this tool only relies on one privilege?

> - The FOSS document states that there are no network services provided by
> this software and no authentication performed. The man-page however
> mentions a daemon mode that offers a Cisco-like CLI that people can use
> to monitor and launch attacks from. Who can start this daemon and how is
> access to the daemon controlled?
>
>

Due to time and resource constraints, this project would not enable the daemon mode for remote administration. A future case may make yersinia more secure and centrally controlled, i.e. as a standalone SMF service, but its main usage right now is to include it as a plain CLI utility that can diagnose network problems, not a malicious daemon that could impose security attacks on hosts and networks.

Thanks,
Siwei

> Joep
>

--
Thanks,
Siwei