From: Dag-Erling Smorgrav
To: Wes Morgan
Cc: Brian Feldman, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh sshd.c
Date: 08 Jul 2000 12:33:51 +0200
In-Reply-To: Wes Morgan's message of "Tue, 4 Jul 2000 09:21:15 -0400 (EDT)"

Wes Morgan writes:
> I hope that there is no way ever in 1e6 years that someone will be able to
> subvert /proc/curproc and get sshd to execute the program of his choice as
> root when it gets HUP'd. I can't think of any way possible, but there are
> 6 billion people out there besides me.

Well, for starters, /proc might not be mounted, and an 3v1l h4xx0r might be
able to trick a root-owned process into creating /proc/curproc/file.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
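
An added example, not part of the thread and not OpenSSH or FreeBSD code: one way a daemon can avoid executing whatever a path such as /proc/curproc/file happens to name at SIGHUP time is to record the device and inode of its own binary at startup and re-exec only a descriptor that still matches. The names exe_id, exe_id_record, exe_open_verified and demo_swap_refused are hypothetical, and the temp files are constructed stand-ins for the real binary and a planted file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity of the daemon binary, recorded once at startup (hypothetical type). */
struct exe_id { dev_t dev; ino_t ino; };

/* Record device and inode of the executable at path; 0 on success. */
int exe_id_record(const char *path, struct exe_id *id) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    id->dev = st.st_dev;
    id->ino = st.st_ino;
    return 0;
}

/* Open path and return the fd only if it is still the file recorded at
 * startup. The caller hands the fd to fexecve(), so the object checked is
 * the object executed, with no second path lookup in between. */
int exe_open_verified(const char *path, const struct exe_id *id) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_dev != id->dev || st.st_ino != id->ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a second temp file is renamed over the recorded
 * path. Returns 1 if the original is accepted and the swap is refused. */
int demo_swap_refused(void) {
    char real[] = "/tmp/exeidXXXXXX", planted[] = "/tmp/exeidXXXXXX";
    struct exe_id id;
    int a = mkstemp(real), b = mkstemp(planted), ok, fd;
    if (a < 0 || b < 0 || exe_id_record(real, &id) != 0) return -1;
    fd = exe_open_verified(real, &id);          /* unchanged file: accepted */
    ok = (fd >= 0);
    if (fd >= 0) close(fd);
    if (rename(planted, real) != 0) return -1;  /* path now names another inode */
    fd = exe_open_verified(real, &id);          /* must be refused */
    if (fd >= 0) { close(fd); ok = 0; }
    close(a); close(b); unlink(real);
    return ok;
}
int main(void) { printf("swap refused: %d\n", demo_swap_refused()); return 0; }
```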