Openssl and openssh
ew-ssh at kegger.national-security.net
ew-ssh at kegger.national-security.net
Thu Aug 1 23:43:03 EST 2002
Does privsep throw root out the window?
On Thu, 1 Aug 2002, Florian Weimer wrote:
> ew-ssh at kegger.national-security.net writes:
>
> > Ahh, ok; thank you. So basically only those servers who have public key
> > entries in my authorized_hosts[2] would be able to exploit the ssl
> > vulnerability? I suppose those who have an entry in my authorized_keys
> > already get access to the box, so why exploit it.
>
> Two things:
>
> - gaining root privileges
>
> - public key authentication might only grant non-interactive access
> (using "command=")
>
> But I agree that such a vulnerability is not too dangerous, given the
> sorry state of local security on UNIX-like systems in general.
>
>
More information about the openssh-unix-dev
mailing list