Date: Tue, 21 Jul 1998 10:42:22 +0100 (BST) From: Jay Tribick <netadmin@fastnet.co.uk> To: ben@efn.org Cc: security@FreeBSD.ORG Subject: Re: Ssh vsprintf (was the lame whoose-language is better war) Message-ID: <Pine.BSF.3.96.980721104018.5652S-100000@bofh.fast.net.uk> In-Reply-To: <Pine.BSF.3.96.980721022531.8264B-100000@Tyr.office.EFN.org>
next in thread | previous in thread | raw e-mail | index | archive | help
| > I haven't had chance to look at the ssh code but why would it | > need to use vsprintf?? And also, why is it installed suid root? | | This package installs two programs that need special privileges. Ssh | is the client program, and it is by default installed as suid root, | because it needs to create a privileged port in order to use .rhosts | files for authentication. If it is not installed as suid root, it will | still be usable, but .rhosts authentication will not be available. Also, the | private host key file is readable by root only. Hmm.. Just OOI why would it need to be suid root to read the .rhosts file? Surely there's a better solution, maybe installing it sgid within it's own group? | >Mind you, none of these take input from STDIN or any other | >means so it would probably be a lot harder to exploit. | | On the contrary, if you glance through the ssh code for vsprintf it comes up | in the sshd and ssh packet creation code, as well as scp.c. Both of which do | take input from just about anything, including of course stdin. I stand corrected - I haven't had chance to look at the source code yet. Has anyone done an audit on it? Regards, Jay Tribick [| Network Administrator | FastNet International | http://fast.net.uk/ |] [| Finger netadmin@fastnet.co.uk for contact information |] [| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980721104018.5652S-100000>