[OpenAFS-devel] Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Dean Anderson
dean at av8.com
Tue Feb 3 07:16:59 EST 2004

On Sat, 31 Jan 2004, Stephen Smoogen wrote:
>
> While you may be from Missouri, you will either have to take their word
> for it.. or go off and test it yourself. Get the older versions of ssh
> onto a machine, and get one of the ssh-xploits from a hacker site. Turn
> on privsep... watch it segfault and exit. Turn off privsep.. get root.

This doesn't mean the privsep prevented an exploit. If it segfaulted, a
little more fuzzing can get shell code to run. After that, you have at
least non-root access, and you have sockets to the privsep processes that
have root privilege.

We know how to escalate non-root processes to root.

So, the privsep didn't protect anything.

--Dean

>
> Sorry for feeding the trolls.
>
> On Tue, 27 Jan 2004, Dean Anderson wrote:
>
> >Really? Are there any links to what was avoided? I'd like to look at
> >these in detail before I concede that anything of value has been
> >demonstrated. I've heard these claims before, but I could not find any
> >substantiating details---the claims are dubious at best.
> >
> > --Dean
> >
> >On Tue, 27 Jan 2004, Damien Miller wrote:
> >
> >> Dean Anderson wrote:
> >> > Right. And there is an easy solution: Turn off Privsep. A process that
> >> > creates new user sessions needs root privileges, and those privileges
> >> > cannot be given away prematurely to "improve security". Privsep is just a
> >> > stupid idea for some programs. Probably for most programs...
> >>
> >> Privsep has avoided the last two real security problems found in
> >> portable OpenSSH, and others before that. The security gain has
> >> already been demonstrated.
> >>
> >> -d
> >>
> >
> >_______________________________________________
> >openssh-unix-dev mailing list
> >openssh-unix-dev at mindrot.org
> >http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
>
>