Re: UseLogin and openssh-portable priv separation

From: Andrew McNaughton (andrew@scoop.co.nz)
Date: 06/25/02


Date: Wed, 26 Jun 2002 07:25:02 +1200 (NZST)
From: Andrew McNaughton <andrew@scoop.co.nz>
To: Brian Behlendorf <brian@hyperreal.org>


On Tue, 25 Jun 2002, Brian Behlendorf wrote:

> On Tue, 25 Jun 2002, Niels Provos wrote:
> > If you do UseLogin, that means that you will loose privilege
> > separation after authentication. The Pre-authentication phase is
> > still privilege separated even with UseLogin enabled.
>
> Right, I got that from the man page, but was still slightly unclear: does
> using UseLogin remove the security that prevents the to-be-released
> exploit from being exploitable? Sounds like it does not remove that
> security, *unless* the attack came from someone who successfully
> authenticated, who could then get root?

As I understand things...

Whether or not you have UseLogin enabled, then a chrooted process run as
user sshd will be forked to handle the authentication stage. This process
terminates before the session is established. You should be able to see
this process in your process accounting files with lastcomm if you've
turned the accounting on.

If UseLogin is not enabled, sshd will then fork a process with the
priviledges of the user who is logging in, and this process will be the
parent of the spawned shell or other command, and will persist for the
duration of the connection.

If UseLogin is enabled then sshd won't fork a process owned by the user.
Once the session is started you will see much the same info in ps output
that you did before the new privilege separation was added.

whether this has any bearing on the soon to be relased exploit I obviously
cannot say for certain, but if UseLogin meant that the exploit could still
run, then I imagine Theo would have said so.

Andrew McNaughton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: UseLogin and openssh-portable priv separation
    ... that means that you will loose privilege ... > separation after authentication. ... > still privilege separated even with UseLogin enabled. ...
    (FreeBSD-Security)
  • Re: OpenSSH IRIX
    ... :I really want to use UseLogin yes in the sshd_config so it uses /bin/login ... :for authentication (We use SecureID auth). ... :to authenticate users. ...
    (comp.security.ssh)
  • OpenSSH IRIX
    ... I really want to use UseLogin yes in the sshd_config so it uses /bin/login ... for authentication (We use SecureID auth). ... -h or -p to fix env. ...
    (comp.security.ssh)