On Thursday 12 January 2012 18:56:04 Bennett Haselton wrote:
Or is there a reason that an exploit against OpenVPN would be less
powerful than an exploit against sshd?
Not really.
The thing is that the tools are there but you have to use them *CORRECTLY*
The OpenVPN server and the SSH server
On 01/12/2012 08:56 PM, Bennett Haselton wrote:
On 1/12/2012 5:25 PM, Johnny Hughes wrote:
On 01/12/2012 10:31 AM, Tilman Schmidt wrote:
On 10.01.2012 19:05, Johnny Hughes wrote:
Limit access to the sshd port from only authorized places ... and
the authorized places can be an openvpn type
On 01/10/2012 01:12 AM, Bennett Haselton wrote:
What about sshd -- assuming that the attacker can connect to sshd at all
(i.e. not prevented by a firewall), if they find an exploit to let them
take control of sshd, would that imply immediate total control of the
machine?
Yes, but the question
On 10.01.2012 19:05, Johnny Hughes wrote:
Limit access to the sshd port from only authorized places ... and
the authorized places can be an openvpn type connection if you
always need access from different IPs. If you have a laptop, put
an
On Thu, Jan 12, 2012 at 10:31 AM, Tilman Schmidt
t.schm...@phoenixsoftware.de wrote:
I'm not convinced that would actually improve security.
What that does is replace the risk of intrusion via an sshd
exploit by the risk of intrusion via an OpenVPN exploit.
Yes, but only to someone with
On 01/12/2012 10:31 AM, Tilman Schmidt wrote:
On 10.01.2012 19:05, Johnny Hughes wrote:
Limit access to the sshd port from only authorized places ... and
the authorized places can be an openvpn type connection if you
always need access from different IPs. If you have a laptop, put
an
On 1/12/2012 5:25 PM, Johnny Hughes wrote:
On 01/12/2012 10:31 AM, Tilman Schmidt wrote:
On 10.01.2012 19:05, Johnny Hughes wrote:
Limit access to the sshd port from only authorized places ... and
the authorized places can be an openvpn type connection if you
always need access from
If an attacker finds an exploit to take control of httpd, they're still
blocked in part by the fact that httpd runs as the unprivileged apache
user and hence can't write any root-owned files on the system, unless
the attacker also knows of a second attack that lets apache escalate its
On 01/10/12 11:12, Bennett Haselton wrote:
What about sshd -- assuming that the attacker can connect to sshd at all
(i.e. not prevented by a firewall), if they find an exploit to let them
take control of sshd, would that imply immediate total control of the
UsePrivilegeSeparation
Specifies
On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
On 01/10/12 11:12, Bennett Haselton wrote:
What about sshd -- assuming that the attacker can connect to sshd at all
(i.e. not prevented by a firewall), if they find an exploit to let them
take control of sshd, would that imply immediate total
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
UsePrivilegeSeparation
Specifies whether sshd(8) separates privileges by creating an
unprivileged child process to deal with incoming network traffic.
After successful authentication, another
On 1/10/2012 5:16 AM, John Doe wrote:
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
UsePrivilegeSeparation
Specifies whether sshd(8) separates privileges by creating an
unprivileged child process to deal with incoming network traffic.
After
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 5:16 AM, John Doe wrote:
The sshd child is running as bob; so it has bob (and not root) rights...
Yes, I understand that. What I said was that if you could take complete
control of the sshd process you were connecting to, even if
On Tue, Jan 10, 2012 at 2:49 PM, John Doe jd...@yahoo.com wrote:
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 5:16 AM, John Doe wrote:
The sshd child is running as bob; so it has bob (and not root)
rights...
Yes, I understand that. What I said was that if you could take
On 10/01/12 13:34, Bennett Haselton wrote:
On 1/10/2012 5:16 AM, John Doe wrote:
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
UsePrivilegeSeparation
Specifies whether sshd(8) separates privileges by creating an
unprivileged child process
John Doe wrote:
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 5:16 AM, John Doe wrote:
The sshd child is running as bob; so it has bob (and not root)
rights...
Yes, I understand that. What I said was that if you could take complete
control of the sshd process you were
On 01/10/2012 07:58 AM, Ned Slider wrote:
On 10/01/12 13:34, Bennett Haselton wrote:
On 1/10/2012 5:16 AM, John Doe wrote:
From: Bennett Haselton benn...@peacefire.org
On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
UsePrivilegeSeparation
Specifies whether sshd(8) separates privileges by
17 matches