[ZODB-Dev] ZEO signal feature

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 26 Sep 2002 10:09:01 +0100


On Wednesday 25 Sep 2002 3:11 pm, Christian Reis wrote:

> > If using stunnel then you need to be able to trust that:
> > 1. It is really stunnel, not an attacker, listening on the local stunnel
> > port 2. It is really ZEO, not an attacker, listening on the remote port
> > 3. Your operating systems, stunnel, and ZEO have not been compromised.
>
> If your machines haven't been root-hacked, these are reasonable
> expectations.

This attack definitely doesn't need root access.

Any local user can try to create a socket listening on the same port as your
zeo server, or stunnel. Of course this attempt will fail if your *real* zeo
or stunnel process is already listening..... so the attacker has to wait
until either of these services is down.

At this point your zope processes will happily send the attacker the obscured
password.

(assuming your ZEO server is not listening on a low numbered port anyway)

> Yes, a
> simple CHAP can be easily implemented, as soon as this is working in
> basic, we'll turn to using it, since a simple crypt is dumb.

Nice.

Have you considered authentication in the other direction; so that the zeo
clients can be sure it is talking to an authentic zeo server?
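As an added illustration of the two-way authentication the message asks about (this is example code written for this page, not code from the thread, from ZEO or from ZODB), the following Python sketch runs a shared-secret challenge-response in both directions. It uses HMAC-SHA256 rather than the MD5-based CHAP mentioned in the thread, the `Client`, `Server` and `run_handshake` names are hypothetical, and the shared secret is a constructed value. The order matters for the port-hijack scenario described above: the client sends only a random nonce until the server has proved it knows the secret, so a process squatting on the zeo or stunnel port receives nothing derived from the password, and a fresh server nonce per handshake keeps a captured client proof from being replayed.

```python
"""Mutual challenge-response authentication between a ZEO-style client and
server, built on HMAC-SHA256 over a pre-shared secret (hypothetical example)."""
import hashlib
import hmac
import secrets

# Constructed shared secret for the example; a real deployment provisions one
# per client/server pair out of band.
SHARED_SECRET = b"constructed-example-secret"
NONCE_LEN = 16


def _proof(secret: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    # The role label separates the two directions, so a server proof captured
    # on the wire can never be replayed back as a client proof.
    return hmac.new(secret, role + client_nonce + server_nonce, hashlib.sha256).digest()


class Server:
    """Holds the shared secret; proves itself before accepting the client's proof."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def respond(self, client_nonce: bytes) -> tuple[bytes, bytes]:
        # A fresh nonce per handshake prevents replay of an earlier client proof.
        server_nonce = secrets.token_bytes(NONCE_LEN)
        return server_nonce, _proof(self.secret, b"server", client_nonce, server_nonce)

    def verify_client(self, client_nonce: bytes, server_nonce: bytes, client_proof: bytes) -> bool:
        expected = _proof(self.secret, b"client", client_nonce, server_nonce)
        return hmac.compare_digest(expected, client_proof)


class Client:
    """Sends a nonce, checks the server's proof, and only then proves itself."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.client_nonce = b""
        self.server_nonce = b""

    def start(self) -> bytes:
        self.client_nonce = secrets.token_bytes(NONCE_LEN)
        return self.client_nonce

    def verify_server(self, server_nonce: bytes, server_proof: bytes) -> bool:
        self.server_nonce = server_nonce
        expected = _proof(self.secret, b"server", self.client_nonce, server_nonce)
        return hmac.compare_digest(expected, server_proof)

    def prove(self) -> bytes:
        return _proof(self.secret, b"client", self.client_nonce, self.server_nonce)


def run_handshake(client: Client, server: Server) -> tuple[bool, bool]:
    """Drive both sides; returns (client_trusts_server, server_trusts_client)."""
    client_nonce = client.start()                               # client -> server
    server_nonce, server_proof = server.respond(client_nonce)   # server -> client
    if not client.verify_server(server_nonce, server_proof):
        # Whatever answered on the port did not know the secret; the client
        # has revealed only a random nonce and stops here.
        return False, False
    client_proof = client.prove()                               # client -> server
    return True, server.verify_client(client_nonce, server_nonce, client_proof)


if __name__ == "__main__":
    print(run_handshake(Client(SHARED_SECRET), Server(SHARED_SECRET)))  # (True, True)
    print(run_handshake(Client(SHARED_SECRET), Server(b"impostor")))    # (False, False)
```

The role label inside the MAC is the part most often skipped in home-grown schemes: without it, an impostor could reflect the client's own proof back, or reuse a genuine server proof as a client proof, because both would be the same MAC over the same two nonces.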