From owner-cvs-all Sat Jul 8 3:42:42 2000 Delivered-To: cvs-all@freebsd.org Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id BA0D337B919; Sat, 8 Jul 2000 03:42:37 -0700 (PDT) (envelope-from green@FreeBSD.org) Date: Sat, 8 Jul 2000 06:42:36 -0400 (EDT) From: Brian Fundakowski Feldman X-Sender: green@green.dyndns.org To: Dag-Erling Smorgrav Cc: Wes Morgan , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh sshd.c In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 8 Jul 2000, Dag-Erling Smorgrav wrote: > Wes Morgan writes: > > I hope that there is no way ever in 1e6 years that someone will be able to > > subvert /proc/curproc and get sshd to execute the program of his choice as > > root when it gets HUP'd. I can't think of any way possible, but there are > > 6 billion people out there besides me. > > Well, for starters, /proc might not be mounted, and an 3v1l h4xx0r > might be able to trick a root-owned process into creating > /proc/curproc/file. Your root directory should not be world writable. If the cracker could trick a process into unmounting /proc and making it so that the sshd could be subverted, {,s}he could just as easily have done whatever root thing they wanted to do in the first place. This change has no effect at all on security. > DES > -- > Dag-Erling Smorgrav - des@flood.ping.uio.no -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message