Date:      Mon, 1 Jul 2002 04:17:22 +1000 (Australia/ACT)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        security@freebsd.org
Subject:   security risk: ktrace(2) in FreeBSD prior to -current.
Message-ID:  <200206301817.EAA05639@caligula.anu.edu.au>


The bug in ktrace(2) is present in all FreeBSDs that don't have
p_candebug() in the kernel.  In short, this is 4-stable, etc.

What's the risk?

With OpenSSH 3.4, ssh-keysign gets installed setuid-root.
Using the ktrace(2) bug, you can ktrace the ssh-keysign process
after it resets its uids and watch it read your ssh host keys,
be they RSA or DSA.

I'm working on a patch for FreeBSD that doesn't break either FreeBSD
or ktrace(2) working the way it should.

In the meantime:

chmod 555 `which ssh-keysign`

Darren
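An added example, not part of Darren's message: a small POSIX sh audit that reports whether a binary carries the setuid bit and clears it with `chmod u-s` (same effect on a 4555 file as the `chmod 555` workaround above, without touching the other bits). The `audit_keysign` helper locates ssh-keysign with `command -v` rather than `which`; the `demo` function exercises the logic on a scratch file so it can be run safely anywhere. Function names are assumptions for this example.

```shell
# Audit helper for the setuid-root ssh-keysign workaround.
# Added example; not code from the original message.

is_setuid() {
    # Print "yes" if the setuid bit (04000) is set on $1, "no" otherwise.
    # find -perm -4000 is POSIX and works on both BSD and GNU userlands.
    if [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]; then
        echo yes
    else
        echo no
    fi
}

drop_setuid() {
    # Clear only the setuid bit, leaving the remaining mode bits alone.
    chmod u-s "$1"
}

audit_keysign() {
    # Locate ssh-keysign on PATH and report whether it is still setuid.
    bin=$(command -v ssh-keysign 2>/dev/null) || {
        echo "ssh-keysign not found on PATH"
        return 1
    }
    echo "$bin: setuid=$(is_setuid "$bin")"
}

demo() {
    # Constructed demonstration on a temporary file (no real binary touched):
    # mark it 4555 as a stand-in for an installed ssh-keysign, then fix it.
    tmp=$(mktemp) || return 1
    chmod 4555 "$tmp"
    before=$(is_setuid "$tmp")
    drop_setuid "$tmp"
    after=$(is_setuid "$tmp")
    rm -f "$tmp"
    echo "$before->$after"
}
```

Run `audit_keysign` as root on an affected host to see whether the workaround has been applied; `demo` prints `yes->no` on any system.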
