Re: UseLogin and openssh-portable priv separation

From: Brian Behlendorf (brian@hyperreal.org)
Date: 06/25/02


Date: Tue, 25 Jun 2002 08:50:44 -0700 (PDT)
From: Brian Behlendorf <brian@hyperreal.org>
To: Niels Provos <provos@citi.umich.edu>

On Tue, 25 Jun 2002, Niels Provos wrote:
> If you do UseLogin, that means that you will loose privilege
> separation after authentication. The Pre-authentication phase is
> still privilege separated even with UseLogin enabled.

Right, I got that from the man page, but was still slightly unclear: does
using UseLogin remove the security that prevents the to-be-released
exploit from being exploitable? Sounds like it does not remove that
security, *unless* the attack came from someone who successfully
authenticated, who could then get root?

        Brian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: UseLogin and openssh-portable priv separation
    ... >> still privilege separated even with UseLogin enabled. ... user sshd will be forked to handle the authentication stage. ... that you did before the new privilege separation was added. ...
    (FreeBSD-Security)
  • Re: OpenSSH IRIX
    ... :I really want to use UseLogin yes in the sshd_config so it uses /bin/login ... :for authentication (We use SecureID auth). ... :to authenticate users. ...
    (comp.security.ssh)
  • OpenSSH IRIX
    ... I really want to use UseLogin yes in the sshd_config so it uses /bin/login ... for authentication (We use SecureID auth). ... -h or -p to fix env. ...
    (comp.security.ssh)