From: Sys Admin
Cc: ADMIN
Date: Tue, 31 Jul 2001 17:17:16 +0900 (JST)
Subject: ssh to a compromised (probably) box
Delivered-To: freebsd-questions@freebsd.org

Hello,

Just being curious. Considering the following scenario:

Box A (local) ----------------------> Box B (remote)

Assume that box B has been compromised (root powers).

If I ssh into box B from A, su to root and start investigating the
damage done, will the hacker be able to sniff the root password
(during su to root)?

[ Given that critical binaries (sshd, su ..) remained unchanged ]

Thanks in advance,
Tad.