/mandos/release : revision 24.1.146

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Björn Påhlsson
Date: 2010-03-27 18:39:02 UTC
mfrom: (237.2.177 mandos)
mto: (237.7.1 mandos) (24.1.154 mandos)
mto: This revision was merged to the branch mainline in revision 270.
Revision ID: belorn@braxen-20100327183902-24g6cra7xqq31g8t

Merge from Teddy:

* New upstream release.
* debian/rules: Build with BROKEN_PIE set on mips and mipsel
architectures - fixes FTBFS there.
* New upstream release.
* Do not copy unnecessary files to initrd (Closes: #551907)

Show diffs side-by-side

added added

removed removed

mandos.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2009-09-17">

<!ENTITY TIMESTAMP "2009-12-09">

<!ENTITY % common SYSTEM "common.ent">

%common;

453

backtrace. This could be considered a feature.

454

</para>

455

<para>

456

Currently, if a client is declared <quote>invalid</quote> due to

457

having timed out, the server does not record this fact onto

458

permanent storage. This has some security implications, see

459

<xref linkend="clients"/>.

456

Currently, if a client is disabled due to having timed out, the

457

server does not record this fact onto permanent storage. This

458

has some security implications, see <xref linkend="clients"/>.

460

459

</para>

461

460

<para>

462

461

There is currently no way of querying the server of the current

549

548

</para>

550

549

<para>

551

550

If a client is compromised, its downtime should be duly noted

552

by the server which would therefore declare the client

553

invalid. But if the server was ever restarted, it would

554

re-read its client list from its configuration file and again

555

regard all clients therein as valid, and hence eligible to

556

receive their passwords. Therefore, be careful when

557

restarting servers if it is suspected that a client has, in

558

fact, been compromised by parties who may now be running a

559

fake Mandos client with the keys from the non-encrypted

560

initial <acronym>RAM</acronym> image of the client host. What

561

should be done in that case (if restarting the server program

562

really is necessary) is to stop the server program, edit the

563

configuration file to omit any suspect clients, and restart

564

the server program.

551

by the server which would therefore disable the client. But

552

if the server was ever restarted, it would re-read its client

553

list from its configuration file and again regard all clients

554

therein as enabled, and hence eligible to receive their

555

passwords. Therefore, be careful when restarting servers if

556

it is suspected that a client has, in fact, been compromised

557

by parties who may now be running a fake Mandos client with

558

the keys from the non-encrypted initial <acronym>RAM</acronym>

559

image of the client host. What should be done in that case

560

(if restarting the server program really is necessary) is to

561

stop the server program, edit the configuration file to omit

562

any suspect clients, and restart the server program.

565

563

</para>

566

564

<para>

567

565

For more details on client-side security, see

Older »