OpenSSH hole

From: Robin Smith (rasmith@aristotle.tamu.edu)
Date: 06/26/02


To: freebsd-security@FreeBSD.ORG
Date: Wed, 26 Jun 2002 08:26:37 -0500
From: Robin Smith <rasmith@aristotle.tamu.edu>

Having installed the openssh-portable port on a couple of FreeBSD boxes, I
have a note and a question.

Note:

The port does just about the whole job (creates user/group sshd, dir /var/empty)
and (with the option -D OPENSSH_OVERWRITE_BASE) puts all the stuff in the right
places, except for the sample rc script, which it tries to drop into /usr/etc/rc.d.
Since that's not part of the standard FreeBSD layout, the make then dies (so symlink
/usr/etc->/usr/local/etc). Otherwise, all I had to do was edit and install the config
files.

Question:

With privsep on, I see two 'sshd' processes created with each
connection, one owned by root and one by the connecting user.
However, if the connecting user happens to be root (i.e. if
PermitRootLogin is on), then there's no split (and even if there were,
both would be owned by root, of course). I haven't heard anything
much about how the exploit works, but can someone who knows what the
vulnerability actually is tell me if this means you're still vulnerable
even with 3.3 and privsep if you allow root logins?

Robin Smith
Department of Philosophy rasmith@tamu.edu
Texas A&M University Voice (979) 845-5696
College Station, TX 77843-4237 FAX (979) 845-0458

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: Canon printer and TurboPrint
    ... line to /etc/rc.conf (as root) ... If you want to do a better one refer to the Printing section in the FreeBSD ... I have tried TurboPrint on FreeBSD and it works. ... With this last command you see some new programs installed from the ...
    (freebsd-questions)
  • Re: HOW TO: Enabling root on a new server?
    ... Amusing to hear they are more secure on FreeBSD than linux although its ... this should let you upload a shell script which is then run as root ... (horribly insecure but thats plesk, and if you fiddle with their setting ...
    (freebsd-stable)
  • file system setup for new system - recommendations?
    ... and I ask for your collective help. ... I successfully built a FreeBSD system using defaults. ... I've tried to absorb input from the FreeBSD on-line handbook, ... A Reference says keep the root section small, ...
    (freebsd-questions)
  • Re: [OT] Sony CDs are not safe to play in a Windows computer
    ... >>I run a BSD Unix varient myself called FreeBSD. ... >>this is that if you don't run as root, then it cannot install itself at ... FreeBSD and other Unix varients don't have ... strip view finger mount fcsk more fcsk yes spray umount sleep ...
    (rec.arts.anime.misc)
  • AW: FreeBSD 2.2.9 / Installation problem
    ... I tried to send to freebsd-questions the following twice, ... Betreff: Re: FreeBSD 2.2.9 / Installation problem ... root correctly. ... system where I want to run it, the HP Omnibook, it is ad0. ...
    (freebsd-questions)