Date: Fri, 21 Sep 2001 18:22:02 +0400 (MSD)
From: Maxim Kozin <madmax@express.ru>
To: FreeBSD-Security@FreeBSD.ORG
Subject: Re: login_conf vulnerability.
Message-ID: <Pine.BSF.4.05.10109211809230.6837-100000@ds.express.ru>
In-Reply-To: <Pine.BSF.4.05.10109211744260.6837-100000@ds.express.ru>

Hi.

Finally NOT confirmed for OpenSSH_2.5.1p1.

In my case, if sshd is configured with "UseLogin: yes", then the client can read files, but _according to client permission_, /etc/passwd, for example. If sshd is configured with "UseLogin: no" (default setting), then the client can't read any file, except /etc/motd.

After entering the host over ssh, the client can run "login" manually. "login" has the setuid bit, but in this case too it can read only files granted by standard unix permissions.

b.r.
Kozin Maxim