OpenSSH/scp ->> F-Secure SSH server Problems

Greg A. Woods woods at weird.com
Wed Mar 14 15:00:17 EST 2001


[ On Wednesday, March 14, 2001 at 08:23:56 (+1100), Damien Miller wrote: ]
> Subject: Re: OpenSSH/scp ->> F-Secure SSH server Problems
>
> > not to mention that
> > almost all of those alternatives would then lead to total independence
> > of SSH and thus total portability across all generic transport protocols.
> 
> Huh? sftp-server is totally independent of SSH - it can be (and is in
> OpenSSH) a separate binary that you could use to transfer files over
> TLS or whatever else you want.

I'm talking about the protocols, not the implementation.  In SSH-v2 the
SFTP application uses the "built-in subsystem" feature of the SECSH
protocol.  I.e. it is not independent of SSH -- it relies on an inherent
feature of the transport protocol.

> > The "built-in subsystem" feature is bad design.  It has no business
> > being directly in the transport protocol.  It is an ugly wart.
> 
> No, it is a robust way of specifying server systems without having to
> rely on locations of binaries, etc.

While some folks would no doubt want to specify the location of a binary
for various ill-thought-out security reasons, there is no real valid
reason to do so.  By not doing so one allows the server to choose the
correct binary by use of some platform-specific methodology (e.g. the
search PATH variable in POSIX systems).

Point of fact is that this silly protocol wart did not make OpenSSH more
robust in the face of a botched build system that specified the location
of the sftp server program in one place and then installed it into
another (one version of the NetBSD pkgsrc module did this, though
perhaps it was a generic bug in the OpenSSH build/install makefiles).
The hard-coded path in the "sshd" binary was in fact its downfall -- had
the built-in subsystem feature been avoided there would have been no
problem since the sftp server was found in the daemon's $PATH.

> It does not require that the
> subsystems be integrated into the server.

I'm not talking about any implementations, I'm talking about the protocol.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>
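
Added example, not part of the original message and not OpenSSH code: a shell check for the failure described in the message, where the path configured for the sftp subsystem and the place the binary was installed disagree. It assumes the subsystem commands are listed in `Subsystem name command` lines of an sshd_config-style file; the function name `check_subsystems` and all sample paths are constructed for illustration.

```shell
#!/bin/sh
# check_subsystems CONFIG
# For every "Subsystem <name> <command>" line in an sshd_config-style file,
# print "ok <name> <command>" or "MISSING <name> <command>".
# Returns 0 when every command resolves to an executable file, 1 otherwise.
check_subsystems() {
    config=$1
    status=0
    while read -r keyword name cmd _rest; do
        # sshd_config keywords are case-insensitive; comments and blanks fall through
        case $(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]') in
            subsystem) ;;
            *) continue ;;
        esac
        # "internal-sftp" is served inside sshd itself: no file to look for
        if [ "$cmd" = "internal-sftp" ]; then
            echo "ok $name $cmd"
        elif [ -f "$cmd" ] && [ -x "$cmd" ]; then
            echo "ok $name $cmd"
        else
            echo "MISSING $name $cmd"
            status=1
        fi
    done < "$config"
    return $status
}

# Constructed demo: one subsystem points at an installed file, the other at a
# path where nothing was installed (the build/install mismatch case).
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo_dir/sftp-server"
chmod +x "$demo_dir/sftp-server"
cat > "$demo_dir/sshd_config" <<EOF
# constructed sample, not a real host's configuration
Subsystem sftp $demo_dir/sftp-server
subsystem backup $demo_dir/libexec/backup-server
EOF
check_subsystems "$demo_dir/sshd_config" || echo "at least one subsystem path is broken"
```

Run after a package build or upgrade, a check like this catches the mismatch before a client's subsystem request fails.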




