From: Christoph Moench-Tegeder
To: freebsd-security@FreeBSD.ORG
Date: Mon, 6 Jan 2003 23:41:32 +0100
Subject: Re: Fwd: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
Message-ID: <20030106224131.GB21393@rz-ewok.rz.uni-karlsruhe.de>

## Robin Smith (rasmith@aristotle.tamu.edu):

> Whatever the credibility of this advisory, it seems the issue is handled
> just by turning on privilege separation.

If there was an exploit, an attacker shouldn't get root on your box but
user sshd chroot()ed to /var/empty. This lessens the impact of bugs, but
they don't vanish this way.

> (2) Can anyone tell me any reason not to turn it on (apart from a few
> additional entries in the process table)? It's off in the default FreeBSD
> 4.7 config.

It's on. OpenSSH >=3.4 has privilege separation on by default and can be
configured to the old behaviour by setting "UsePrivilegeSeparation no"
(which is commented out in FreeBSD's config).

Regards,
cmt

-- 
Spare Space
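
The check discussed in this message, as an added example that is not part of the original post: a shell function that reads an sshd_config and reports the effective UsePrivilegeSeparation value, so a commented-out "UsePrivilegeSeparation no" is seen to leave the default in place. The function names and both sample configs are constructed for illustration, and the default of "yes" is the one the message gives for OpenSSH >= 3.4.

```shell
#!/bin/sh
# Added example, not from the original message.

# Print the effective UsePrivilegeSeparation value for the sshd_config on stdin.
effective_privsep() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line: sets nothing
        {
            sub(/=/, " ")                   # "Keyword=value" is accepted too
            if (tolower($1) == "useprivilegeseparation" && NF >= 2) {
                print tolower($2)
                found = 1
                exit                        # sshd uses the first value it reads
            }
        }
        # Assumed default when unset: on, as stated for OpenSSH >= 3.4
        END { if (!found) print "yes" }
    '
}

# Exit status 0 if privilege separation is in effect, 1 if it is turned off.
privsep_enabled() {
    [ "$(effective_privsep)" != "no" ]
}

# Constructed sample: the option is present but commented out.
sample_shipped='Port 22
#UsePrivilegeSeparation no
'

# Constructed sample: an active "no" placed before a later "yes".
sample_disabled='#UsePrivilegeSeparation yes
useprivilegeseparation = no
UsePrivilegeSeparation yes
'

printf '%s' "$sample_shipped"  | effective_privsep
printf '%s' "$sample_disabled" | effective_privsep
```

On a live system the same function can be fed the real file, for example `effective_privsep < /etc/ssh/sshd_config`.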