[Bug 327] monitor_fdpass.c: Expected 1 got 1075033556 - Privilege Separation
bugzilla-daemon at mindrot.org
Wed Jul 3 09:21:23 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=327
------- Additional Comments From dgatwood at apple.com 2002-07-03 09:21 -------
This isn't a security risk from what I can see. It's a risk of reading a bogus
file descriptor (or the wrong file descriptor). If somebody can muck with
your file descriptors enough to make this a security bug, then they're root
already. :-)

The fix for this, ideally, should be to detect the bogus value, report a
warning in the system log, and continue. If you get a valid file descriptor,
then clearly the message is really of the type expected, or else it's
garbage. Either way, the worst it can do is maybe provide a really obscure
local DoS attack.... As long as there are appropriate warnings in the
system log about this being a kernel bug, it seems reasonable to work
around it in this way. Please consider adding such a workaround to the
official tree.
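
The check-and-continue behaviour proposed in the comment above, sketched as an added example; it is not code from OpenSSH or from the commenter. The function names fd_from_cmsg and recv_fd_checked are hypothetical, and the warning goes to stderr here rather than the system log.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Added example; names are illustrative, not OpenSSH's.
 * Extract a descriptor from one control message. A wrong cmsg_type is
 * logged and tolerated (the proposed workaround); a short message or a
 * number that is not an open descriptor is rejected. Returns fd or -1. */
int fd_from_cmsg(struct cmsghdr *cmsg, int *type_mismatch)
{
    int fd;

    *type_mismatch = 0;
    if (cmsg == NULL || cmsg->cmsg_len < CMSG_LEN(sizeof(int)))
        return -1;
    if (cmsg->cmsg_type != SCM_RIGHTS) {
        fprintf(stderr, "warning: expected type %d got %d (kernel bug?)\n",
            SCM_RIGHTS, cmsg->cmsg_type);
        *type_mismatch = 1;
    }
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
    if (fd < 0 || fcntl(fd, F_GETFD) == -1)
        return -1;          /* garbage: not an open descriptor */
    return fd;
}

/* Receive one byte plus one passed descriptor from a Unix-domain socket. */
int recv_fd_checked(int sock, int *type_mismatch)
{
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    char ch;
    struct iovec iov = { &ch, 1 };
    struct msghdr msg;

    memset(&msg, 0, sizeof(msg));
    memset(&u, 0, sizeof(u));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof(u.buf);
    *type_mismatch = 0;
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    return fd_from_cmsg(CMSG_FIRSTHDR(&msg), type_mismatch);
}
```

fcntl(F_GETFD) only shows that the number refers to some open descriptor in the receiving process, not that it is the descriptor the sender meant to pass.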