On Fri, Jul 07, 2006 at 06:02:53PM +0800, Matt Johnston wrote: > With the svr-chansession.c exit patch I think the current > code is correct, as the exit value will only be unset when > i == svr_ses.childpidsize. I've modified the code to be a > bit clearer anyway. > > For the ssh-pty.c patch, I don't think this improves the > security/correctness much. tty_name is always a /dev/ttyXXX > device, and if an attacker can manipulate paths in /dev/, then > there are larger problems. Does that analysis sound > reasonable?
Both sound fine to me. As far as an attacker manipulating something. All they really have to manipulate is the string of the tty_name between the stat and the chown. Granted, this isn't easy either. But is the real reason for the patch. As I said, it isn't serious - just trying to be complete. > (PS, if you're using the monotone head, beware that there's > a known issue that can cause it to wait for input when > closing on Linux.) I am only using it for testing and auditing. Thanks for the quick attention. E -- Erik Hovland mail: erik AT hovland DOT org web: http://hovland.org/ PGP/GPG public key available on request
