[Bug 2311] simple attack when control channel muxing is used

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=2311

--- Comment #6 from Christoph Anton Mitterer <calestyo at scientia.net> ---
(In reply to Damien Miller from comment #4)
> As I mentioned, root being able to access user sockets is
> intentional behaviour. I'm not interested in adding additional
> checks to prevent this - they would need to be behind an option to
> avoid breaking existing, legitimate uses and I don't believe that
> the maintenance and complexity cost of a new config option is
> warranted.
> 
> Don't use shared directories for mux sockets.

It seems kinda strange that you blindly close this issue away, even
though it's a very valid issue (which someone might have sooner or
later worked upon - while now it will just be forgotten),... especially
since my analysis contained several other issues, which are not simply
solved by adding documentation.

Also you seem to completely ignore the security issue pointed out by
someone on the list, that it's apparently only the MUC server, which
makes UID checks while the client blindly trusts.

Especially when one looks at similar situations (strictmodes on key
files, etc.) where one didn't just let this handle improperly by
documentation, instead properly intercepting it on a code level.
Actually someone did even provide a patch which would have likely
properly fixed some of the issues described herein, so why didn't that
got merged?

Or is control muxing simply considered a dead feature where development
is no longer desired to be seen?




(In reply to Tomas Mraz from comment #5)
> It should be documented in the ssh manual page that the socket must
> be created in proper places.
It already is (at least partially)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.