Glibc Local Root Exploit (fwd)

Pekka Savola pekkas at netcore.fi
Fri Jan 12 08:19:25 EST 2001


On Thu, 11 Jan 2001, Gert Doering wrote:

> Hi,
>
> On Thu, Jan 11, 2001 at 11:41:36AM -0600, mouring at etoh.eviladmin.org wrote:
> > 2) Where is the correct 'sweet' spot to drop privilege to stop this type
> > of attack (Assuming there is such a spot for every OS).
>
> Bind to the privileged socket very early, drop suid, then start doing
> anything else (parsing files, reading things).
>
> But if the bugs in glibc are bad enough, even that won't help...

This isn't enough.  If SSHv1 is used, after connecting ssh reads the system
private host key in case RhostsRSAAuthentication is being used.

Of course, you could read that in advance too.

-- 
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.   -- Robert Jordan: A Crown of Swords
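
The ordering discussed in this thread (bind the socket, open the host key in advance, then drop setuid root before anything is parsed), as an added example that is not part of the original message and not OpenSSH code. The function names are hypothetical, and the port and key path are supplied by the caller.

```c
/* Added example: acquire root-only resources first, then drop setuid root. */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1: bind the local socket while still privileged. Returns fd or -1. */
int bind_early(unsigned short port)
{
    struct sockaddr_in sa;
    int s = socket(AF_INET, SOCK_STREAM, 0);

    if (s < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);          /* a port below 1024 needs root */
    if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Step 2: open the root-readable key now; the descriptor stays usable
 * after the drop, so the key can be read later without privilege. */
int open_key_early(const char *path)
{
    return open(path, O_RDONLY);
}

/* Step 3: give up root for good. Group first: once the uid is gone,
 * the process may no longer be allowed to change its gid. */
int drop_privileges(void)
{
    uid_t ruid = getuid();              /* the invoking user */
    gid_t rgid = getgid();

    if (setgid(rgid) < 0 || setuid(ruid) < 0)
        return -1;
    /* Verify: an invoking non-root user must not be able to regain root. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}
```

The caller should treat a non-zero return from drop_privileges() as fatal and exit before touching any configuration or network input.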






More information about the openssh-unix-dev mailing list