openssl+openssh

Gert Doering gert at greenie.muc.de
Wed Jul 31 17:44:36 EST 2002


Hi,

On Tue, Jul 30, 2002 at 02:51:21PM +0000, ew-ssh at kegger.national-security.net wrote:
>   On second thought...at which point in the code does openssh use openssl?  
> Would this take place while the "little guy" is jailed off in some obscure
> non-root location?  If that's the case, then do we have to worry about the
> ssl bug in privsep'd installations?  To what extent do we even need to 
> worry about the openssl problem?

PrivSep can prevent a remote break-in with file system access.

What PrivSep can not prevent is a break-in with network access from the
insecure host - which could then be abused for DDOS or SPAM relaying or
other attacks based on things that this machine can do in the network that
an "outside" machine can't do.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de
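
Added example, not part of the original message and not OpenSSH code: a minimal C sketch of the kind of confinement discussed above (chroot into an empty directory, then drop to an unprivileged uid), checking what the confined process can still do. It only creates a socket and never connects; JAIL_UID, the /tmp template and the function name probe_jail are assumptions, and the jail can only be built when run as root.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define JAIL_UID 65534        /* assumption: uid/gid of "nobody" here */
#define CAN_READ_FILE   1     /* child could open /etc/passwd */
#define CAN_OPEN_SOCKET 2     /* child could create a TCP socket */

/* Returns a bitmask of what the jailed child managed to do, or -1 if the
 * jail could not be built (not root, chroot refused, fork failed). */
int probe_jail(void)
{
    char dir[] = "/tmp/jailXXXXXX";   /* hypothetical empty chroot dir */
    int status = 0, result = -1;
    pid_t pid;

    if (geteuid() != 0 || mkdtemp(dir) == NULL)
        return -1;

    pid = fork();
    if (pid == 0) {
        int caps = 0, fd;
        /* Empty root, no supplementary groups, unprivileged ids. */
        if (chroot(dir) || chdir("/") || setgroups(0, NULL) ||
            setgid(JAIL_UID) || setuid(JAIL_UID))
            _exit(127);
        /* File system: nothing exists inside the empty root. */
        if ((fd = open("/etc/passwd", O_RDONLY)) >= 0) {
            caps |= CAN_READ_FILE;
            close(fd);
        }
        /* Network: chroot and uid change do not restrict socket(). */
        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) >= 0) {
            caps |= CAN_OPEN_SOCKET;
            close(fd);
        }
        _exit(caps);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) != 127)
        result = WEXITSTATUS(status);
    rmdir(dir);
    return result;
}
```

Closing the remaining gap takes a control outside the process, such as an egress filter keyed on the unprivileged uid.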



More information about the openssh-unix-dev mailing list