Date: Wed, 26 Jun 2002 21:07:36 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: William Carrel <william.carrel@infospace.com> Cc: Jan Lentfer <Jan.Lentfer@web.de>, FreeBSD Security Mailling List <freebsd-security@FreeBSD.ORG> Subject: Re: OpenSSH Security (just a question, please no f-war) Message-ID: <7492.1025118456@critter.freebsd.dk> In-Reply-To: Your message of "Wed, 26 Jun 2002 11:43:45 PDT." <B93F5971.12FF3%william.carrel@infospace.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <B93F5971.12FF3%william.carrel@infospace.com>, William Carrel writes
:
>If and only if you have ChallengeResponseAuthentication set to "yes" then
>you are vulnerable to a hole that will allow malicious code to be executed
>as the privsep user ("sshd") in the /var/empty chroot(). This could lead to
>further compromisation of your system (even inside the chroot as a
>relatively unprivileged user).
Which reminds me that we should really tweak the code and put it in a
jail instead of a chroot.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7492.1025118456>