Date:      Thu, 8 Oct 2009 19:13:00 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-stable@FreeBSD.ORG, db@danielbond.org, dougb@FreeBSD.ORG
Subject:   Re: openssh concerns
Message-ID:  <200910081713.n98HD0kj079775@lurza.secnetix.de>
In-Reply-To: <460A3E92-37D5-49CA-A079-EC08867B8DD4@danielbond.org>

 > Doug Barton wrote:
 > > Daniel Bond wrote:
 > > > However, I'm concerned about the suggestion of using an
 > > > unprivileged port
 > > 
 > > Please explain your reasoning, and how it's relevant in a world where
 > > the vast majority of Internet users have complete administrative
 > > control over the systems they use.

There are shell machines with lots of user accounts, none
of which have administrative control of the system.
In fact I'm running such a machine myself.

Suppose there is a security hole in sshd that enables a
DoS attack, i.e. some user is able to kill the sshd daemon.
Or maybe the sshd daemon dies because of some other,
unrelated reason.

If it was running on an unprivileged port, a normal user would
now be able to start up his own (probably modified) sshd
daemon on the very same port.  He won't have the correct
host key, of course, but I can tell you that many users
ignore the warning and innocently type "yes" when asked
whether to accept the fingerprint.  "Probably the admin
reinstalled something, this happened before, don't worry."

If you run the sshd daemon on a privileged port < 1024
(or one protected by mac_portacl(4)), that security problem
does not exist at all.  Normal users can't start up a fake
daemon on such a port if the real daemon dies.

Even if there are no user accounts, it's not worth taking
chances.  It's always possible that there will be some
hole in some silly, unrelated daemon that enables remote
execution ...  then you have a "user account" without
knowing.

Successful attacks are often the result of two or more
unrelated holes, so it's definitely worth plugging every
single hole, even small ones that seem unimportant.
Running a critical daemon like sshd on an unprivileged
port is such a hole, in my opinion.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registry court Munich, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registry court
Munich, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd
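The scenario Oliver describes (the real sshd dies, and whoever is fastest rebinds the port) can be reproduced against the kernel's own bind() policy. The script below is an added example written for this archive page; it is not part of the message, of OpenSSH or of FreeBSD. It models the "real daemon" and the "impostor" as two listening sockets in one process, so a run as a normal user shows the point directly: a freed unprivileged port (port 0 stands in for any port >= 1024) is immediately re-bindable, while a port below the reserved boundary is refused with EACCES. The port numbers, the use of INADDR_ANY and the Linux sysctl path are assumptions of the example.

```python
# Added example, not from the original message: simulates "daemon dies, someone
# else grabs the port" against the operating system's bind() policy.
import errno
import os
import socket

ANY = "0.0.0.0"          # assumption: bind INADDR_ANY so no interface must be up
PRIVILEGED_PORT = 22     # assumption: the sshd default port
UNPRIVILEGED_PORT = 0    # port 0 = "any free ephemeral port", always >= 1024


def try_bind(port, addr=ANY):
    """Try to open a TCP listener on (addr, port).

    Returns (status, sock): status is "bound" on success and sock the listening
    socket (the caller must close it); otherwise status is the errno name, e.g.
    "EACCES" (port below the reserved boundary and no privilege to use it) or
    "EADDRINUSE" (another process already holds the port), and sock is None.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((addr, port))
        s.listen(1)
        return "bound", s
    except OSError as e:
        s.close()
        return errno.errorcode.get(e.errno, "errno %d" % e.errno), None


def takeover_after_crash(port):
    """Play the thread's scenario in one process.

    1. The "real" daemon binds the port.
    2. It dies (socket closed, port free again).
    3. An impostor immediately binds the same port.
    Returns the impostor's bind status, or "real daemon: <status>" if the real
    daemon could not even start (e.g. EACCES for port 22 as a normal user).
    """
    status, real = try_bind(port)
    if status != "bound":
        return "real daemon: " + status
    port = real.getsockname()[1]    # resolve port 0 to the port actually chosen
    real.close()                    # the daemon dies; nothing reserves the port
    status, fake = try_bind(port)
    if fake is not None:
        fake.close()
    return status


def can_takeover(port):
    """True if a process at this privilege level could rebind `port` after the
    real daemon died. Run as a normal user: True for an unprivileged port,
    False for a privileged one."""
    return takeover_after_crash(port) == "bound"


def unprivileged_port_start():
    """Linux only: first port a non-root process may bind
    (net.ipv4.ip_unprivileged_port_start, traditionally 1024). Returns None
    where the sysctl is not exposed; FreeBSD uses
    net.inet.ip.portrange.reservedlow/reservedhigh for the same boundary."""
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read().strip())
    except OSError:
        return None


def expect_eacces_on_low_port():
    """True when this process should be refused port 22: not root, and the
    kernel still reserves ports below 1024. Conservative: False if unknown."""
    return os.geteuid() != 0 and unprivileged_port_start() == 1024


if __name__ == "__main__":
    print("euid=%d, unprivileged ports start at %s"
          % (os.geteuid(), unprivileged_port_start()))
    for p in (UNPRIVILEGED_PORT, 2222, PRIVILEGED_PORT):
        print("port %d, impostor after crash: %s" % (p, takeover_after_crash(p)))
```

Run it once as an ordinary user and once as root to see both halves of the argument. The "real daemon" step shows the first line of defence: a normal user cannot start a daemon on port 22 at all, so there is nothing to take over, whereas on 2222 the rebind succeeds every time. On FreeBSD, mac_portacl(4) extends that protection to arbitrary ports: load the module (mac_portacl_load="YES" in loader.conf), lower net.inet.ip.portrange.reservedlow and reservedhigh so the MAC rules are the only policy, and set security.mac.portacl.rules to entries of the form idtype:id:protocol:port, e.g. uid:0:tcp:2222, so that only uid 0 may bind the port sshd uses. On Linux the equivalents are the net.ipv4.ip_unprivileged_port_start sysctl and CAP_NET_BIND_SERVICE; note that container runtimes sometimes set the sysctl to 0, which removes the reserved range entirely and recreates exactly the hole the message warns about.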


