From owner-freebsd-security Fri Sep 21 7:22:17 2001
Date: Fri, 21 Sep 2001 18:22:02 +0400 (MSD)
From: Maxim Kozin
To: FreeBSD-Security@FreeBSD.ORG
Subject: Re: login_conf vulnerability.

Hi.

Finally NOT confirmed for OpenSSH_2.5.1p1.

In my case, if sshd is configured with "UseLogin: yes", then the client can read files, but _according to the client's permissions_, /etc/passwd, for example.

If sshd is configured with "UseLogin: no" (the default setting), then the client can't read any file except /etc/motd.

After logging in to the host over ssh, the client can run "login" manually. "login" has the setuid bit, but in this case too it can read only files granted by standard Unix permissions.

b.r.
Kozin Maxim