Date: Wed, 26 Jun 2002 08:26:37 -0500 From: Robin Smith <rasmith@aristotle.tamu.edu> To: freebsd-security@FreeBSD.ORG Subject: OpenSSH hole Message-ID: <200206261326.g5QDQb8t090120@aristotle.tamu.edu>
next in thread | raw e-mail | index | archive | help
Having installed the openssh-portable port on a couple of FreeBSD boxes, I have a note and a question. Note: The port does just about the whole job (creates user/group sshd, dir /var/empty) and (with the option -D OPENSSH_OVERWRITE_BASE) puts all the stuff in the right places, except for the sample rc script, which it tries to drop into /usr/etc/rc.d. Since that's not part of the standard FreeBSD layout, the make then dies (so symlink /usr/etc->/usr/local/etc). Otherwise, all I had to do was edit and install the config files. Question: With privsep on, I see two 'sshd' processes created with each connection, one owned by root and one by the connecting user. However, if the connecting user happens to be root (i.e. if PermitRootLogin is on), then there's no split (and even if there were, both would be owned by root, of course). I haven't heard anything much about how the exploit works, but can someone who knows what the vulnerability actually is tell me if this means you're still vulnerable even with 3.3 and privsep if you allow root logins? Robin Smith Department of Philosophy rasmith@tamu.edu Texas A&M University Voice (979) 845-5696 College Station, TX 77843-4237 FAX (979) 845-0458 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206261326.g5QDQb8t090120>