[Csync2] Public cluster -- Letting a pre-shared key escape
Clifford Wolf
clifford at clifford.at
Thu Apr 13 13:01:01 CEST 2006
Hi,
> group communityportal {
> host masterhost (slave1) (slave2) (slave3);
> key /home/ftp/pub/pre-shared-key-for-csync2.txt
> ...
> }
>
> [..]
>
> But there is a time window between the moment when a new slave
> finishes the configuration of his csync2 setup and the moment the
> master connects for the first time. This time window could be
> exploited by an attacker by pretending to be the masterhost.
csync2 also checks the IP address of incoming connections. When a host
connects, it first identifies itself to the peer. So when, in your example,
'masterhost' connects to 'slave1', 'slave1' will look up the IP address
of 'masterhost' and return an "Identification failed!" error when the
IP addresses do not match.
yours,
- clifford
--
ocaml graphics.cma <( echo 'open Graphics;;open_graph " 640x480"let
complex_mul(a,b)(c,d)=(a*.c-.b*.d,a*.d+.b*.c)let complex_add(a,b)(c
,d)=(a+.c,b+.d);;let rec mandel c n=if n>0 then let z=mandel c(n-1)
in complex_add(complex_mul z z)c else (0.0,0.0);; for x=0 to 640 do
for y=0 to 480 do let c=((float_of_int(x-450))/.200.0,(float_of_int
(y-240))/.200.0) in let cabs2(a,b)=(a*.a)+.(b*.b)in if cabs2(mandel
c 50)<4.0 then plot x y done done;;read_line()' )
for(var d,i=<>just</>,j=function(){d~=i~(defined(i=next[*],i)?" ":"
");},just,another,SPL,hacker;defined i||({debug d;return 0;});j());
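Added example, not part of the original message and not csync2's own code: a sketch of the kind of check the reply describes, where the receiving host looks up the name a peer claims and compares it with the connection's source address. The host table, resolver functions and addresses are constructed for illustration; only the "Identification failed!" string comes from the message.

```python
import ipaddress
import socket

# Constructed name table standing in for DNS or /etc/hosts (documentation ranges).
SAMPLE_HOSTS = {
    "masterhost": ["192.0.2.10", "2001:db8::10"],
    "slave1": ["192.0.2.21"],
}

def sample_resolver(name):
    """Hypothetical offline resolver; raises like a failed lookup would."""
    try:
        return SAMPLE_HOSTS[name]
    except KeyError:
        raise socket.gaierror(f"unknown host {name}")

def system_resolver(name):
    """Real lookup via getaddrinfo, for use outside the offline demo."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped or ip

def identify_peer(claimed_name, peer_addr, resolver=sample_resolver):
    """Return (ok, message) for a peer claiming claimed_name from peer_addr."""
    try:
        expected = {normalize(a) for a in resolver(claimed_name)}
        seen = normalize(peer_addr)
    except (socket.gaierror, ValueError):
        return False, "Identification failed!"  # fail closed on any lookup/parse error
    if seen in expected:
        return True, "OK"
    return False, "Identification failed!"

if __name__ == "__main__":
    # Constructed connections: (name the peer claims, source address seen).
    for name, addr in [("masterhost", "192.0.2.10"),
                       ("masterhost", "::ffff:192.0.2.10"),
                       ("masterhost", "198.51.100.7"),
                       ("nosuchhost", "192.0.2.10")]:
        print(name, addr, identify_peer(name, addr))
```

A check of this shape is only as trustworthy as the name resolution on the receiving host, so pinning the cluster's hosts in a local hosts file keeps the lookup independent of DNS.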