Markus Friedl:
> On Wed, Oct 06, 1999 at 11:11:12AM -0400, Wietse Venema wrote:
> > This is the second SSH vulnerability involving bind() (the other
> > one involved port forwarding). They really ought to learn to perform
> > operations with the right privilege level.
> >
> > With a little tooling (such as set_eugid()) it is quite easy.
>
> please note, that ssh dropped support for uid-swapping beginning
> with version 1.2.13:
> in order to avoid leakage of the private hostkey (e.g. in core-dumps)

I was talking about seteuid(), which leaves real uid == 0, so that
the process remains protected against groping by unprivileged users.

What was that with core dumps again? Any program that has access
to secrets such as host keys should disable core dumps; not doing
so would be negligent.

Wietse
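
The two measures discussed in this message, as an added example that is not part of the original post and is not code from ssh or from set_eugid(): core dumps are disabled with setrlimit(), and bind() runs with the user's effective uid/gid via seteuid()/setegid() while the real uid stays unchanged. The helper names `disable_core_dumps` and `bind_as_user` are hypothetical, a Unix-domain socket is assumed, and supplementary groups are not switched.

```c
#include <errno.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Keep secrets such as host keys out of core files: core size limit 0. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Hypothetical helper: bind() with the target user's effective uid/gid so
 * the kernel checks the path as that user. The real uid is not changed. */
int bind_as_user(int fd, const char *path, uid_t uid, gid_t gid)
{
    struct sockaddr_un sa;
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int rc, saved_errno;

    if (strlen(path) >= sizeof(sa.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);   /* length checked above */
    /* Group first: after seteuid(uid) we could no longer change the gid. */
    if (setegid(gid) < 0)
        return -1;
    if (seteuid(uid) < 0) {
        saved_errno = errno;
        if (setegid(saved_egid) < 0) _exit(1);
        errno = saved_errno;
        return -1;
    }
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    saved_errno = errno;
    /* Regain privilege in reverse order; never continue half-switched. */
    if (seteuid(saved_euid) < 0 || setegid(saved_egid) < 0)
        _exit(1);
    errno = saved_errno;
    return rc;
}
```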
