
Re: [coldsync-hackers] Re: Security considerations



On Tue, Feb 27, 2001 at 05:03:53PM -0500, Alex Tronin wrote:
> I wouldn't bother too much about security with ColdSync.
> Most of the time the person who makes a connection with the machine has
> physical access to it (maybe it's less the case if you have an infrared
> connection), so why bother too much?

	Because the person who has physical access to the machine may
not be the owner of the machine, or the person responsible for it.

	In real life, I'm a sysadmin. I'd like to offer ColdSync as a
supported service. However, I won't allow it on my network if I don't
think that it's reasonably safe.

	Also, I don't want to see my name in a CERT advisory.

> So I would assign the sync process a non-privileged user like "nobody" and
> chroot it to a designated directory.

	This works, but in a multi-user environment, it can be either
overly restrictive or a pain to administer (this may, of course, be
what you want).

> Main problems, IMHO, are in connection.

	Could you elaborate?

-- 
Andrew Arensburger                      This message *does* represent the
arensb@ooblick.com                      views of ooblick.com
	The less you bother me, the sooner you'll get results.
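
The "nobody" plus chroot confinement suggested in the quoted message, as an added C example that is not part of the original post and is not ColdSync's own code. The function name `confine_and_drop` and its return codes are hypothetical; it assumes the caller starts as root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 on success, a negative step code on failure. */
int confine_and_drop(const char *jail, const char *user)
{
    /* Resolve the account BEFORE chroot(): /etc/passwd is not inside the jail. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;               /* unknown account, or a "drop" to root */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* chroot() leaves the working directory untouched; chdir("/") so the
     * cwd is not a handle on the tree outside the jail. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -2;

    /* Order matters: supplementary groups, then gid, then uid. After the
     * uid is dropped the process can no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -3;

    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -4;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <jail-dir> <user>\n", argv[0]);
        return 2;
    }
    int rc = confine_and_drop(argv[1], argv[2]);
    if (rc != 0) {
        fprintf(stderr, "confinement failed at step %d\n", -rc);
        return 1;
    }
    /* The sync work would run here, confined and unprivileged. */
    return 0;
}
```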
