OpenSSH/scp ->> F-Secure SSH server Problems

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Wed Mar 14 15:37:21 EST 2001 

On Tue, 13 Mar 2001, Greg A. Woods wrote:

[..]
> > > The "built-in subsystem" feature is bad design.  It has no business
> > > being directly in the transport protocol.  It is an ugly wart.
> > 
> > No, it is a robust way of specifying server systems without having to
> > rely on locations of binaries, etc.
> 
> While some folks would no doubt want to specify the location of a binary
> for various ill-thought-out security reasons, there is no real valid

inetd must be ill-thought-out...  

CGI/Perl scripts that define out EXTACTLY what binary they want to use
must be ill-thought-out.  

inittab must be ill-thought-out.

Do I need to go on?  There are more you just need to look around at
a standard POSIX unix install.

> reason do to so.  By not doing so one allows the server to choose the
> correct binary by use of some platform specific methodology (eg. the
> search PATH variable in POSIX systems).
> 
Correct binary?!?  Are you telling me as the ADMIN of my box *I* don't
know where *I* put sftp-server?!  Pish-posh.

Or are you suggesting that if OpenBSD connects to Solaris that I should
run a different sftp-server then if Linux connects to Solaris? 

> Point of fact is that this silly protocol wart did not make OpenSSH more
> robust in the face of a botched build system that specified the location
> of the sftp server program in one place and then installed it into
> another (one version of the NetBSD pkgsrc module did this, though
> perhaps it was a generic bug in the OpenSSH build/install makefiles).
> The hard-coded path in the "sshd" binary was in fact its downfall -- had
> the built-in subsystem feature been avioded there would have been no
> problem since the sftp server was found in the daemon's $PATH.
> 

What hardcoded path?  There is no hardcoded paths for sftp-server in sshd
unless NetBSD botched things (which I doubt).  Subsystems are defined in
your sshd_config.  How is this configured 'hard coded in the sshd'?  Heck
you can do:

subsystem myrenamedsftpserver  /path/to/sftp-server

then hack a sftp to launch ssh with 'myrenamedsftpserver' instead of
'sftp'.  How is this hardcoded?

I don't get your arguments.  I personally would rather state where system
services are instead of sshd randomly guessing where thing
are.  Sshd_config is the perfect place for such things.  Plus it shows
you extact where the system expects files.  Much easier to verify that
sshd can always find the subsystem.

Depending on $PATH for critical services *IS* a secure risk.  This is one
of the first things drilled into first year Web/CGI developers.

- Ben

More information about the openssh-unix-dev mailing list