Date: Tue, 9 Apr 2002 17:38:23 +0200 (CEST)
From: Alexander Leidinger <Alexander@Leidinger.net>
To: xphilius@yahoo.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Verifying that a security patch has done it's thing...
Message-ID: <200204091538.g39FcN1T009086@Magelan.Leidinger.net>
In-Reply-To: <20020409151514.54994.qmail@web11808.mail.yahoo.com>

On  9 Apr, X Philius wrote:
> Questions:
> I just ran the patch to fix the OpenSSH issue from "Security Advisory
> FreeBSD-SA-02:13.openssh" on my development server.
>
> 1. How do I verify that the patch did what it was supposed to do? My
> understanding is that this will not update the version flag of OpenSSH,
> and so other than making sure that the patch and install etc run
> without error, how do I make sure everything is cool?

Someone posted a program to bugtraq which tries to attack the flaw in
question.

> 2. The security notice did not really say what I needed to do to make
> sure that the new version of sshd was loaded in to memory after the
> install. On my dev machine I just rebooted (the brute force method!)
> I'd rather not do the same on my prod machine. Can I run a "kill -1" on
> the process while logged in via SSH? My instincts tell me that would
> log me out. Do I need to be local on the machine and run a "kill -1",
> or do I have to actually stop sshd entirely and then restart it to load
> the new binary? Truth to tell, I can reboot my prod machine as well,
> but I am practicing for a day when my server is co-lo'ed elsewhere and
> not available for local log ins!

Only kill the master which is listening for new connections:

(102) netchild@ttyp0 > ps auxww | grep ssh
netchild  9068  0.0  0.5  1096  588  p0  S+    5:35PM   0:00.00 grep ssh
root       164  0.0  1.0  2296 1316  ??  Ss   Sun04PM   0:02.01 /usr/sbin/sshd
root      8837  0.0  1.4  2412 1736  ??  S     4:35PM   0:00.46 sshd: netchild@notty (sshd)
root      9059  0.5  1.4  2396 1732  ??  S     5:34PM   0:00.16 sshd: netchild@ttyp0 (sshd)

Here the process with the PID 164 has to get killed ("kill 164" is
enough), then restart sshd ("sshd" should be enough). Then check if you
are still able to log in (don't close your existing connection). If you
are, close every other ssh connection (either by logging out or by
killing the process).

Bye,
Alexander.

-- 
To boldly go where I surely don't belong.

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204091538.g39FcN1T009086>
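
An added example, not part of the original message: a small sh helper that picks the listening sshd master out of `ps auxww` output the way the reply does by eye, and prints the kill/restart commands only when exactly one master is found. The function names are made up for this example, and it assumes the `ps auxww` column layout shown in the message.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# ps output quoted in the message above, reused here as sample input.
SAMPLE_PS='netchild  9068  0.0  0.5  1096  588  p0  S+    5:35PM   0:00.00 grep ssh
root       164  0.0  1.0  2296 1316  ??  Ss   Sun04PM   0:02.01 /usr/sbin/sshd
root      8837  0.0  1.4  2412 1736  ??  S     4:35PM   0:00.46 sshd: netchild@notty (sshd)
root      9059  0.5  1.4  2396 1732  ??  S     5:34PM   0:00.16 sshd: netchild@ttyp0 (sshd)'

# In `ps auxww` output the COMMAND column starts at field 11. The listener
# keeps its executable path there; per-connection processes retitle
# themselves "sshd: user@tty", so their field 11 is the literal "sshd:".
# The "grep ssh" line has "grep" in field 11 and matches neither pattern.
sshd_master_pids() {
    awk '$11 == "sshd" || $11 ~ /\/sshd$/ { print $2 }'
}

# PIDs of the per-connection processes, i.e. the logins that must survive.
sshd_session_pids() {
    awk '$11 == "sshd:" { print $2 }'
}

# Read ps text on stdin and print the two commands from the message (kill
# the master, start sshd again). Refuses unless exactly one master is found,
# so a bad match can never turn into killing a login session.
restart_plan() {
    masters=$(awk '$11 == "sshd" || $11 ~ /\/sshd$/ { print $2, $11 }')
    count=$(printf '%s\n' "$masters" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "refusing: expected exactly one sshd master, found $count" >&2
        return 1
    fi
    pid=${masters%% *}   # first word: PID of the master
    cmd=${masters#* }    # second word: its command as ps showed it
    printf 'kill %s\n%s\n' "$pid" "$cmd"
}

# Show the plan for the sample input; nothing is killed or started here.
printf '%s\n' "$SAMPLE_PS" | restart_plan
```

On a live host, pipe `ps auxww` into `restart_plan`, read the two printed lines, and run them from the session you keep open until a fresh login has succeeded.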