[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf Issue #17: security questions





Steve Waldbusser wrote:

> The disman group has been down this road before and had perfected the
> text that I re-used here regarding using the security credentials of the
> requester. However, I believe the expression mib and event mib have a
> security hole whereby the integrity of the operation is *not* preserved
> because the nature of the operation can be changed after the credentials
> have been stored. The PM MIBs rule regarding using the credentials of
> the writer of the last-updated code segment avoids this problem because
> any third party who attempts to modify my code changes the script to run
> with their authority, gaining no authority.

I was wrong regarding the expression and event mibs - you can use 
VACM to protect against a third party modifying the operation.


Steve