BUG: simple attack when control channel muxing is used (was: Re: ControlMaster question)
Stephen Frost
sfrost at snowman.net
Tue Nov 11 05:28:20 EST 2014
* Christoph Anton Mitterer (calestyo at scientia.net) wrote:
> > That said, an ownership check that prevents, among other things, root
> > from accidentally falling through a wormhole wouldn't be bad. Attached
> > patch against 6.7p1 should do.
>
> Wouldn't it be the enough to simply check whether
> - the socket is owned by the same user
> - has mode 600
> - and directory permissions are such, that another user couldn't have
> changed this (thinking of ACLs for that)
Should there be a hard-link count check also..? Haven't really thought
it all the way through, but that's a common thing to check also..
Thanks,
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141110/9f9cca63/attachment.bin>
More information about the openssh-unix-dev
mailing list