Trustworthy channel for communication

The trustworthy channel is the first step in sending the information. If the channel have loop holes and not reliable then you may be hit and your data can be hacked on the way.

If you send passwords in cleartext over an Ethernet LAN with untrusted people on it.

If you create a world-writable file and later try to read back data from that file.

If you create a file in /tmp with O_TRUNC but not O_EXCL, etc.

you’re trusting an untrustworthy intermediary to do what you want it to. If an attacker can subvert the untrustworthy channel, they may be able to deny you service by altering data in the channel, they may be able to alter the data without you noticing (causing bad things to happen — if the attacker makes that file in /tmp a symlink to a trusted file, you may end up destroying the contents of a privileged file instead of just creating a temporary file. gcc has some bugs of this kind, too, which can lead to an attacker inserting arbitrary code into programs you compile.) and even if they can’t do these things, they may be able to read data they shouldn’t.

Related posts

• Reason behind slow computer response (10)
• Cyber attack on federal government’s nuclear weapons laboratories (0)
• Zimbra Toaster email services for mac (0)
• What is cyclades (0)
• UTM in China (0)