[PATCH] prevent users from changing their environment

Tony Finch dot at dotat.at
Fri Jul 26 19:34:49 EST 2002


bob at proulx.com (Bob Proulx) wrote:
>
>Hmm...  Please don't take this harshly but as a consumer of this I
>dislike your proposed design on philosophical grounds.  It seems the wrong
>way to try to add security in the way you are proposing it.  It is
>like pushing a string.  It is at the wrong end.

This is like the old joke where you ask a yokel the way to your
destination and he replies, "Well, I wouldn't start from here." I don't
have any choice about where I'm starting from because this is what the
system has evolved into after nine years, and it has tens of thousands
of users of inertia -- many of them still use unencrypted telnet, POP,
and IMAP. I've just started work here and I'm trying to reduce the number
of patches we have to maintain locally.

This kind of security problem has been well-known since the LD_PRELOAD
telnetd vulnerability of 1995. Of course in the sshd case it's only a
local shell-escape exploit rather than a remote root exploit, but it's
still a big pain for people trying to set up black-box systems. Without
this patch, sshd would be a weak point in the security of our system.

Tony.
-- 
f.a.n.finch <dot at dotat.at> http://dotat.at/
FISHER: WESTERLY 4 OR 5, DECREASING 3 LATER. RAIN DYING OUT. GOOD OCCASIONALLY
MODERATE.



More information about the openssh-unix-dev mailing list