If the attackerss have root on your authentication system, they won't
need any certificates.
-- Marc Briceno <[EMAIL PROTECTED]> Voice: 510-986-8770 x310
Corporate Sales FAX: 510-986-8777
http://www.c2.net/
On Wed, 6 May 1998, Austin L. Gosling wrote:
> We have a system which relies on Apache+SSLeay for user authentication.
> The whole thing sits behind a firewall, and only essential services are
> up, but we have to consider the impact of someone successfully getting
> in to the server.
>
> The possible security hazard I have in mind is, what if someone does
> manage to get into the server? They could conceivably add a CA public
> certificate of their own choosing to the CACertificateFile used by
> Apache+SSLeay, and then gain access to our system by writing their own
> certificate, which would be validated by the server based on the
> CACertificateFile contents.
>
> Naturally, this file is read-only, etc., but root is root!
>
> The only idea I've come up with so far is to put the CACertificateFile
> on some media which is _physically_ read-only (a floppy with the
> read-only tab set comes to mind). Is there a better solution?
>
> Austin Gosling
>
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
