[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: snmpconf Issue #17: security questions
Steve Waldbusser wrote:
> The disman group has been down this road before and had perfected the
> text that I re-used here regarding using the security credentials of the
> requester. However, I believe the expression mib and event mib have a
> security hole whereby the integrity of the operation is *not* preserved
> because the nature of the operation can be changed after the credentials
> have been stored. The PM MIBs rule regarding using the credentials of
> the writer of the last-updated code segment avoids this problem because
> any third party who attempts to modify my code changes the script to run
> with their authority, gaining no authority.
I was wrong regarding the expression and event mibs - you can use
VACM to protect against a third party modifying the operation.