Re: ssh difference v3.3 vs. 3.4 ???
3.4 contains bugfixes for a few problems I don't completely understand but I believe that there was a bug that could allow root access. Correct me if I'm wrong please. Check www.slashdot.org for some information on it.

On Wed, 2002-06-26 at 15:37, Michael D. Schleif wrote:
> http://openssh.org/
>
> --
> Best Regards,
> mds
> mds resource 888.250.3987
>
> Dare to fix things before they break . . .
>
> Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote:
> 3.4 contains bugfixes for a few problems I don't completely understand but I believe that there was a bug that could allow root access.

If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious. 3.4 added fixes for the real problems rather than just bandaging over them.

However, 3.3 and I believe 3.4 both break certain parts of PAM support and various other things, at least when privilege separation is enabled.

> Check www.slashdot.org for some information on it.

That wouldn't be my first port of call for security information, I must say. :)

--
Colin Watson [EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
Colin Watson wrote:
> On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote:
> > 3.4 contains bugfixes for a few problems I don't completely understand but I believe that there was a bug that could allow root access.
>
> If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious. 3.4 added fixes for the real problems rather than just bandaging over them.

[ snip ]

This is what really, really confuses me !!!

What is ``privilege separation'' ???

Where is it documented? (Not in the manpages, locally nor http://www.openbsd.org/cgi-bin/man.cgi?query=ssh nor http://www.openbsd.org/cgi-bin/man.cgi?query=sshd) . . .

Worse, this is what I get on THREE (3) systems:

    # ssh -V
    OpenSSH_3.3 Debian 1:3.3p1-0.0woody1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
    # sshd -V
    sshd: option requires an argument -- V
    sshd version OpenSSH_3.3 Debian 1:3.3p1-0.0woody1
    . . .
    # grep -i rivi /etc/ssh/ssh*_config
    #

Please, notice that that last command returned to the prompt *WITHOUT* anything satisfying grep ;

What is this all about? How can I know that I am protected?

What do you think?

--
Best Regards,
mds
mds resource 888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: ssh difference v3.3 vs. 3.4 ???
At 03:32 PM 06/26/02 -0500, Michael D. Schleif wrote:
> This is what really, really confuses me !!!
>
> What is ``privilege separation'' ???
>
> Where is it documented? (Not in the manpages, locally nor http://www.openbsd.org/cgi-bin/man.cgi?query=ssh nor http://www.openbsd.org/cgi-bin/man.cgi?query=sshd) . . .

man sshd_config and look for UsePrivilegeSeparation

--
Bill Moseley mailto:[EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
Hi,

Michael D. Schleif [EMAIL PROTECTED] writes:
> Colin Watson wrote:
> > On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote:
> > > 3.4 contains bugfixes for a few problems I don't completely understand but I believe that there was a bug that could allow root access.
> >
> > If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious. 3.4 added fixes for the real problems rather than just bandaging over them.
>
> [ snip ]
>
> This is what really, really confuses me !!!
>
> What is ``privilege separation'' ???

While it may not be exactly what you want, you may want to check out Ian Jackson's 'userv' package for some ideas about what this is. (I don't know what mechanism SSH uses though ;-)

- Hari
--
Raja R Harinath -- [EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
Bill =

Thank you, for your participation . . .

Bill Moseley wrote:
> At 03:32 PM 06/26/02 -0500, Michael D. Schleif wrote:
> > This is what really, really confuses me !!!
> >
> > What is ``privilege separation'' ???
> >
> > Where is it documented? (Not in the manpages, locally nor http://www.openbsd.org/cgi-bin/man.cgi?query=ssh nor http://www.openbsd.org/cgi-bin/man.cgi?query=sshd) . . .
>
> man sshd_config and look for UsePrivilegeSeparation

    UsePrivilegeSeparation
            Specifies whether sshd separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is ``yes''.

    BSD                      September 25, 1999                      BSD

So, if I understand this, UsePrivilegeSeparation has been there for quite sometime; and, the default being ``yes'', it's been ON for several years -- especially in light of my systems having _no_ entry, therefore defaulting to ``yes''.

Is this correct?

If so, then what is new about this? Has UsePrivilegeSeparation been *fixed* in v3.3/3.4 ???

If this is the default, and has been for several years, then what is new with this hullabaloo?

--
Best Regards,
mds
mds resource 888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: ssh difference v3.3 vs. 3.4 ???
On Wed, Jun 26, 2002 at 04:17:56PM -0500, Michael D. Schleif wrote:
> Bill Moseley wrote:
> > At 03:32 PM 06/26/02 -0500, Michael D. Schleif wrote:
> > > This is what really, really confuses me !!!
> > >
> > > What is ``privilege separation'' ???

You could always try google.com. The very first hit is relevant.

> So, if I understand this, UsePrivilegeSeparation has been there for quite sometime;

No, the date on the man page simply hasn't been updated. It was new in 3.2 and made the default in 3.3.

--
Colin Watson [EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
Michael D. Schleif [EMAIL PROTECTED] writes:
> If so, then what is new about this? Has UsePrivilegeSeparation been *fixed* in v3.3/3.4 ???

Prior to v3.3, the default was off. In 3.3, I believe it was fixed to work on more systems and the default was changed to on.

--
Alan Shutko [EMAIL PROTECTED] - In a variety of flavors!
Your love life will be... interesting.
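
The empty grep result earlier in the thread means the option is not set in the file, so the compiled-in default for the installed release decides. The following script is an added example, not code from any poster or from OpenSSH: it resolves the effective UsePrivilegeSeparation value from a config file and a version string, using the thresholds given in the replies above (new in 3.2, default on from 3.3). The helper names privsep_effective and version_ge and the sample files are hypothetical, and the first-match parsing rule is assumed from general sshd_config behaviour.

```shell
#!/bin/sh
# Added example. Version thresholds are the ones stated in this thread:
# UsePrivilegeSeparation is new in 3.2 and defaults to "yes" from 3.3.

# version_ge A B: true when version A >= B, comparing major.minor only
# (a portable suffix such as "p1" is ignored).
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%[!0-9]*}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# privsep_effective CONFIG VERSION (hypothetical helper): print the value
# sshd would use, or "unsupported" for releases that predate the option.
privsep_effective() {
    config=$1
    version=$2
    version_ge "$version" 3.2 || { echo unsupported; return 0; }
    # Keywords are case-insensitive, the first value found wins, and a
    # commented-out line sets nothing.
    value=$(awk '
        /^[ \t]*#/ { next }
        tolower($1) == "useprivilegeseparation" { print tolower($2); exit }
    ' "$config")
    if [ -n "$value" ]; then
        echo "$value"
    elif version_ge "$version" 3.3; then
        echo yes    # not set anywhere: compiled-in default applies
    else
        echo no     # 3.2: option exists but is off unless enabled
    fi
}

# Constructed sample configs, not taken from any real host.
tmp=$(mktemp -d)
printf 'Port 22\nProtocol 2\n' > "$tmp/unset"
printf '#UsePrivilegeSeparation no\nPort 22\n' > "$tmp/commented"
printf 'useprivilegeseparation No\nUsePrivilegeSeparation yes\n' > "$tmp/off"

for f in unset commented off; do
    printf '%-10s 3.3p1 -> %s\n' "$f" "$(privsep_effective "$tmp/$f" 3.3p1)"
done
```

The "commented" case is the one a plain grep gets wrong: the pattern matches, but the line sets nothing and the default still applies.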
Re: ssh difference v3.3 vs. 3.4 ???
Alan Shutko wrote:
> Michael D. Schleif [EMAIL PROTECTED] writes:
> > If so, then what is new about this? Has UsePrivilegeSeparation been *fixed* in v3.3/3.4 ???
>
> Prior to v3.3, the default was off. In 3.3, I believe it was fixed to work on more systems and the default was changed to on.

Is the date in the manpage inaccurate?

    September 25, 1999

--
Best Regards,
mds
mds resource 888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: ssh difference v3.3 vs. 3.4 ???
On Wed, Jun 26, 2002 at 04:53:51PM -0500, Michael D. Schleif wrote:
> Alan Shutko wrote:
> > Michael D. Schleif [EMAIL PROTECTED] writes:
> > > If so, then what is new about this? Has UsePrivilegeSeparation been *fixed* in v3.3/3.4 ???
> >
> > Prior to v3.3, the default was off. In 3.3, I believe it was fixed to work on more systems and the default was changed to on.
>
> Is the date in the manpage inaccurate?
>
>     September 25, 1999

Dates in man pages are hard-coded near the top of the source for the page, not (generally) updated automatically. Don't rely on them as a means of figuring out what's changed; that's what changelogs and news files and so on are for.

--
Colin Watson [EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
Lo, on Wednesday, June 26, Colin Watson did write:

> On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote:
> > 3.4 contains bugfixes for a few problems I don't completely understand but I believe that there was a bug that could allow root access.
>
> If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious.

So, I'm running ssh 3.3 as packaged for woody. I don't have UserPrivilegeSeparation turned off in any config files, but I still see the following:

    [nanny-ogg:~]$ ps aux | grep [s]shd
    root       268  0.0  0.2  2788  716 ?        S    06:19   0:00 /usr/sbin/sshd

sshd is still running as root. Is this what I should be seeing? I would have thought, from the descriptions of privilege separation, that this process would be running as `sshd'. Or is there some other access-control mechanism going on here?

I'm also observing this on the 3 potato machines I administer as well, though of course they're running ssh version 3.3p1-0.0potato6.

> 3.4 added fixes for the real problems rather than just bandaging over them.

Any word on when 3.4 will be available as a .deb?

Richard
Re: ssh difference v3.3 vs. 3.4 ???
On Wed, Jun 26, 2002 at 05:25:16PM -0500, Richard Cobbe wrote:
> Lo, on Wednesday, June 26, Colin Watson did write:
> > If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious.
>
> So, I'm running ssh 3.3 as packaged for woody. I don't have UserPrivilegeSeparation turned off in any config files, but I still see the following:
>
>     [nanny-ogg:~]$ ps aux | grep [s]shd
>     root       268  0.0  0.2  2788  716 ?        S    06:19   0:00 /usr/sbin/sshd
>
> sshd is still running as root. Is this what I should be seeing?

Yes, the parent process continues to run as root. If you ssh to a box running 3.3 and leave the connection at the password prompt, you'll see a process running as the sshd user until the authentication is completed.

> > 3.4 added fixes for the real problems rather than just bandaging over them.
>
> Any word on when 3.4 will be available as a .deb?

Not yet; there's some discussion of exactly what to do. (The discussions have been private, so unfortunately I can't give any details, not that I know all that much more anyway.)

--
Colin Watson [EMAIL PROTECTED]
Re: ssh difference v3.3 vs. 3.4 ???
Lo, on Wednesday, June 26, Colin Watson did write:

> On Wed, Jun 26, 2002 at 05:25:16PM -0500, Richard Cobbe wrote:
> > Lo, on Wednesday, June 26, Colin Watson did write:
> > > If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious.
> >
> > So, I'm running ssh 3.3 as packaged for woody. I don't have UserPrivilegeSeparation turned off in any config files, but I still see the following:
> >
> >     [nanny-ogg:~]$ ps aux | grep [s]shd
> >     root       268  0.0  0.2  2788  716 ?        S    06:19   0:00 /usr/sbin/sshd
> >
> > sshd is still running as root. Is this what I should be seeing?
>
> Yes, the parent process continues to run as root. If you ssh to a box running 3.3 and leave the connection at the password prompt, you'll see a process running as the sshd user until the authentication is completed.

Ah. Since I use public-key authentication almost exclusively, that would explain why I never saw the sshd user.

Thanks,

Richard