[Bug 395] New: ident-protocol gives "root" as connection owner
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Sep 12 15:59:50 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=395
Summary: ident-protocol gives "root" as connection owner
Product: Portable OpenSSH
Version: older versions
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: bibjah at bg.bib.de
When I tunnel a connection through openssh and the server tries to figure out
who is making the connection, it asks the local identd "who is running sshd"
instead of asking the remote identd (on the originating system) "who is
running the program connecting".
Therefore, all server programs relying on identd will believe that all tunneled
connections come from local user "root". I think this is a severe security
flaw.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list