[funsec] This sounds like a security disaster just waiting to happen...
Rich Kulawiec
rsk at gsp.org
Wed Apr 29 15:16:10 CDT 2009
On Wed, Apr 29, 2009 at 12:27:41PM -0700, Steve Pirk wrote:
> So, Microsoft has implemented a squid like server as part of their gateway
> solution for office connections to the net. If done correctly, sould be
> safe enough, no?
Well...I'm not so sure. I mean, if we grant the "done correctly" part
for the sake of argument, it sounds to me like a file F requested by
user A on system X may be cached on system Y used by user B, even if
user B does not have the appropriate permissions for file F. If that's
the case, and it may not be, then a security issue with system Y or
user B could expose file F.
Is this how others are reading it?
---Rsk
More information about the funsec
mailing list