Security considerations for discovery mode only #209
Comments
|
The section from the readme exists from the very beginning, where only host-mode was available in wsdd. And the primary intention was to make clear that this implementation of the WSD protocol does not provide (additional) security features, e.g. support for https. It the time the README was written, there were also no security features, like As for security of the host mode: it may be possible to trigger traffic amplification attacks (see #48), but I never followed that up to do an analysis. Regarding, discovery (only) mode: Essentially, the same as for host mode applies. RCE might be an issue, if any of the underlying libraries is vulnerable to it. In the end, a lot of things happen here: HTTP and XML parsing, If there is anything wrong with that, wsdd will be affected as well. That being said, it would be interesting if somebody volunteers and does a fuzzing test or even an audit. The command line parameters from GVFS look good as they limit functionality to discovery mode only. |
Hi, thank you for including some security considerations in the README and man-page.
Do I understand correctly that the attack vector here would be RCE, either from a LAN or from the outside?
Is wsdd running in discovery mode only (
--no-host --discovery) equally at risk?GNOME GVFS daemon is now using wsdd to discover Windows machines in the local network.
This is the full command-line: https://gitlab.gnome.org/GNOME/gvfs/-/blob/26e350041dcc5c3dfdad3516c0fdc45a114ed851/daemon/gvfswsddservice.c#L454
Can you comment on the security implications of GNOME's usage of wsdd?
Thanks!
The text was updated successfully, but these errors were encountered: