path to find ssh-rand-helper
Jon Peatfield
J.S.Peatfield at damtp.cam.ac.uk
Mon Apr 1 17:54:25 EST 2002
Before I actually implement the small changes needed to allow the
location of ssh-rand-helper to be specified in the config file, I'd
like to check that in doing so I won't be opening up a huge security
hole.
My brief reading of the code suggests that in entropy.c:seed_rng() the
ssh-rand-helper is run as the original uid (for binaries which were
setuid in the first place of course), so I can't spot any obvious
holes (but I may not be devious enough).
Since almost all the other paths can be overridden in the config (or
with -o), and the config file location can also be controlled from the
command line (-F for ssh, -f for sshd), I can't see any good reason
why the ssh-rand-helper location can't also be...
[ I will then nobble ssh-rand-helper to take the prng_cmds from a
user-specified source and I'll have a way to give people a small set
of files to install anywhere (with a helper shell script to specify
all the paths etc) ]
--
Jon Peatfield, DAMTP, Computer Officer, University of Cambridge
Telephone: +44 1223 3 37852 Mail: J.S.Peatfield at damtp.cam.ac.uk
More information about the openssh-unix-dev
mailing list