Wietse Venema:
> Fred Morris:
> > Based on past reception I have no intention of continuing the discussion
> > here, if you have issues with the analysis you're welcome to open an
> > issue.
> > https://github.com/m3047/trualias/blob/master/install/table_security_analysis.md
>
> I'm not going to argue with this. Instead, I will take a well-deserved beer.
One thing: you're ignoring the possibility of privilege escalation.
If someone compromises the TCP map server (or the userID that it
runs as), then they can escalate privileges when a TCP map is used
for security-sensitive purposes. For example, they can execute
arbitrary shell commands if the map is used in alias_maps, and they
can write files with any UID that they return when a TCP map is
used by virtual_uid_maps.
Wietse
