Upcoming OpenSSH vulnerability

Chris Adams cmadams at hiwaay.net
Thu Jun 27 10:22:38 EST 2002


Once upon a time, Chris Adams <cmadams at hiwaay.net> said:
> I guess from that I should go ahead and make OpenSSH always open the TTY
> and then discard it if it is not needed for all platforms, not just
> Tru64 (at least the AIX folks were looking for this as well).  That
> would lessen the "#ifdef HAVE_OSF_SIA" count.

Thinking about this some more (I never think before I send apparently
:-) )...

If a TTY were always allocated before post-auth privsep kicked in, the
whole BROKEN_FD_PASSING would go away (because as far as I can see in a
quick look, FD passing is only used for the parent to open a TTY for the
child).  This could just always be done and the FD passing code and
privsep wrapping of pty_allocate() would go away.

Or, the TTY pre-allocation could depend on BROKEN_FD_PASSING,
HAVE_OSF_SIA, and _AIX.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



More information about the openssh-unix-dev mailing list