2.5.2p2 ssh-keyscan installed group writable?
Jason Stone
jason at dfmm.org
Wed Mar 28 08:20:45 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> and i also wonder why isn't ssh group, other readable:
>
> no)
> AC_MSG_RESULT(no)
> SSHMODE=0711
> ;;
> *) AC_MSG_RESULT(yes)
> SSHMODE=04711
Because it's (unfortunately) setuid, and you don't want people to be able
to easily read your setuid binaries.
For example, a linux exploit was just published today which allows any
setuid binary to be exploited, but in order for the exploit to work, you
have to run objdump on the binary to find the bss offset. If the binary
is not readable, then the above attack is frustrated (though not
prevented).
Yet another reminder that suid binaries are A Bad Thing.
-Jason
---------------------------
If the Revolution comes to grief, it will be because you and those you
lead have become alarmed at your own brutality. --John Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE6wRJIswXMWWtptckRAqspAJwO6SyRK7VCYAtW2DZ0vI2thXjnrACePcn9
tKWMHTdpw3Sr7VmWNbhKmK0=
=iwOE
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list