
Comments for Silktree

07 Feb 2009 02:20 alevchuk

Re: Is Silk Tree secure?


> The answer is no.
>
> Silk Tree is an attempt to isolate the receiver side from the sending side (master host), so that if the sending side is compromised then the other side stays unaffected.
>
> This goal is not achieved because if the adversary is able to ssh into the receiving side as the silktree user then the adversary is able to push anything into the /etc/passwd and /etc/group of the receiver.
>
> The sending side is isolated from the receiving side because of the one-way design of SSH and I am careful not to start executing any data that is gathered from the receiving side.
>
> Having this said, I would still prefer Silk Tree over the SSHing-as-root method.

This has been fixed in the 0.2 release.

08 May 2008 11:47 alevchuk

Is Silk Tree secure?

The answer is no.


Silk Tree is an attempt to isolate the receiver side from the sending side (master host), so that if the sending side is compromised then the other side stays unaffected.


This goal is not achieved because if the adversary is able to ssh into the receiving side as the silktree user then the adversary is able to push anything into the /etc/passwd and /etc/group of the receiver.


The sending side is isolated from the receiving side because of the one-way design of SSH and I am careful not to start executing any data that is gathered from the receiving side.


Having this said, I would still prefer Silk Tree over the SSHing-as-root method.
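
The weakness discussed in this thread is that the receiver writes whatever the master pushes into /etc/passwd. As an added example (not Silktree's code, and not a description of the 0.2 fix), a receiver-side check could refuse pushed entries that touch system accounts before anything is written. `UID_MIN`, the shell allow-list, the home-directory rule and all function names are assumptions.

```python
import re

# Assumed receiver policy, not taken from Silktree.
UID_MIN = 1000
ALLOWED_SHELLS = {"/bin/bash", "/bin/sh", "/usr/sbin/nologin"}
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
NUM_RE = re.compile(r"[0-9]{1,10}")

def check_entry(line, local_system_names):
    """Return None if a pushed passwd line is acceptable, else a reason."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        return "bad field count"
    name, _pw, uid, gid, _gecos, home, shell = fields
    if not NAME_RE.fullmatch(name):
        return "invalid name"
    if name in local_system_names:
        return "system account"
    if not (NUM_RE.fullmatch(uid) and NUM_RE.fullmatch(gid)):
        return "non-numeric id"
    if int(uid) < UID_MIN or int(gid) < UID_MIN:
        return "id below UID_MIN"  # also covers uid 0 and gid 0
    if home != "/home/" + name:
        return "unexpected home"
    if shell not in ALLOWED_SHELLS:
        return "shell not allowed"
    return None

def filter_pushed(lines, local_system_names):
    """Split pushed lines into (accepted, [(line, reason), ...])."""
    accepted, rejected, seen = [], [], set()
    for line in lines:
        reason = check_entry(line, local_system_names)
        name = line.split(":", 1)[0]
        if reason is None and name in seen:
            reason = "duplicate name"
        if reason is None:
            seen.add(name)
            accepted.append(line)
        else:
            rejected.append((line, reason))
    return accepted, rejected
# Constructed sample: entries a compromised master might push.
PUSHED = [
    "alice:x:1001:1001:Alice:/home/alice:/bin/bash",
    "root:x:0:0:root:/root:/bin/bash",
    "mallory:x:0:0::/home/mallory:/bin/bash",
    "bob:x:1002:1002:Bob:/home/bob:/bin/zsh",
]
```

The set of local system account names would be read from the receiver's own /etc/passwd, so the master can never redefine them.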
