Eivind Eklund:
> On Wed, Oct 27, 1999 at 06:35:56PM -0400, Wietse Venema wrote:
> > ssh starts up with the unprivileged real UID of the user; therefore
> > setting the effective UID also to that of the user makes the process
> > memory accessible for unprivileged access. This is how any reasonable
> > UNIX system works, not just Solaris.
>
> I disagree. A reasonable system tracks whether a process has ever had
> elevated privileges, and deny access to process memory (core dumps,
> debugger attachments) if it has had.
Some people live in a dream.
There is no standard that requires that UNIX systems disallow
process memory access after privilege changes.
A security-sensitive application must be prepared to deal with the
semantics of REAL SYSTEMS that conform to standards.
To summarize this thread: there was no need to break up the ssh
client into two processes in order to prevent unprivileged access
to host keys, even on systems with standard, but imperfect, semantics.
Wietse
- Fix for ssh-1.2.27 symlink/bind problem Scott Gifford
- Re: Fix for ssh-1.2.27 symlink/bind problem Eivind Eklund
- Re: Fix for ssh-1.2.27 symlink/bind problem Scott Gifford
- Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema
- Re: Fix for ssh-1.2.27 symlink/bind proble... Markus Friedl
- Re: Fix for ssh-1.2.27 symlink/bind p... Wietse Venema
- Re: Fix for ssh-1.2.27 symlink/bi... Markus Friedl
- Re: Fix for ssh-1.2.27 symlin... Wietse Venema
- Re: Fix for ssh-1.2.27 symlin... Casper Dik
- Re: Fix for ssh-1.2.27 symlin... Eivind Eklund
- Re: Fix for ssh-1.2.27 symlin... Wietse Venema
- Re: Fix for ssh-1.2.27 symlink/bi... Markus Friedl
- Re: Fix for ssh-1.2.27 symlin... Wietse Venema
- Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik
- Re: Fix for ssh-1.2.27 symlink/bind proble... Phillip Vandry
- Re: Fix for ssh-1.2.27 symlink/bind problem Toomas Kiisk
- Re: Fix for ssh-1.2.27 symlink/bind problem Olaf Seibert
- Re: Fix for ssh-1.2.27 symlink/bind problem Scott Gifford
- Re: Fix for ssh-1.2.27 symlink/bind problem Dan Astoorian
