https://bugzilla.mindrot.org/show_bug.cgi?id=2625
--- Comment #8 from Darren Tucker <[email protected]> ---
(In reply to Richard E. Silverman from comment #7)
> This should be addressed, but I disagree with the proposed solution
> here. The real problem is not that ssh checks its euid

Well it checks the uid of the user logging in, which may or may not be the euid of the process. In the case where sshd is running with UsePrivilegeSeparation=no the process making the bind() calls is running as root even when handling non-root logins. Similarly ssh can be installed setuid, although it's not common any more.

If you don't have some kind of check (or do temporarily_use_uid()), well, things like https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 happen.

Currently these errors are caught at config parse time. Your proposal wouldn't detect them until later when the connection was already up.

These are solvable, e.g. by temporarily_use_uid() and/or by testing binds during config parsing, but it's not a simple case of "delete those checks and YOLO".
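
One way to combine the two options named in the comment above (switching uid temporarily and testing the bind early), as an added example that is not OpenSSH code and not from the bug thread. The hypothetical `probe_bind_as()` assumes a POSIX system and IPv4, probes the wildcard address only, and does not reset supplementary groups.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: may uid/gid bind TCP `port`? Returns 0 or an errno value.
 * The kernel decides using the login user's privileges, not the daemon's. */
int probe_bind_as(uid_t uid, gid_t gid, unsigned short port)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    struct sockaddr_in sa;
    int fd, err = 0;

    /* Group first: once the euid is dropped we may no longer be allowed to setegid(). */
    if (gid != saved_gid && setegid(gid) == -1)
        return errno;
    if (uid != saved_uid && seteuid(uid) == -1) {
        err = errno;
        goto restore_gid;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY); /* assumption: a real check would use the configured listen address */
    sa.sin_port = htons(port);
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1)
        err = errno;
    if (fd != -1)
        close(fd);
    /* Regain the saved ids in reverse order; continuing with the wrong ids is not safe. */
    if (uid != saved_uid && seteuid(saved_uid) == -1)
        _exit(255);
restore_gid:
    if (gid != saved_gid && setegid(saved_gid) == -1)
        _exit(255);
    return err;
}

int main(void)
{
    int e = probe_bind_as(geteuid(), getegid(), 80);
    printf("bind to port 80 as uid %ld: %s\n", (long)geteuid(), e ? strerror(e) : "ok");
    return e != 0;
}
```

The probe socket is closed immediately, so a successful result only shows the bind was permitted at parse time; the later real bind can still fail, for example with EADDRINUSE.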
