Re: OpenSSL Vulnerability and OpenSSH
From: Markus Friedl (markus@openbsd.org)
Date: 09/23/02
- Previous message: Markus Friedl: "Re: OpenSSL Vulnerability and OpenSSH"
- Maybe in reply to: Eric Maiwald: "OpenSSL Vulnerability and OpenSSH"
- Next in thread: skinnay@skinnux.com: "Re: dictionary"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Sep 2002 10:33:41 +0200
From: Markus Friedl <markus@openbsd.org>
To: nestler@speakeasy.net
On Sat, Sep 21, 2002 at 09:43:48AM -0700, nestler@speakeasy.net wrote:
> I see a call to d2i_X509() in scard-opensc.c. This function
> uses the ASN.1 parser. I also see a call to PEM_read_PrivateKey()
> in authfile.c. That function also uses the ASN.1 parser.
> That last one gets used in a few different places in the SSH code (indirectly
> via key_load_private*()).
yes, but that's a completely different problem.
> Are you sure that none of these are problems? The SSH client
> is installed setuid root in some places and it would load potentially
> malicious private keys during the course of public key authentication without
> an agent. It seems like that could be a problem (at least a local problem).
the ssh client should not be installed setuid root with 3.4p1.
if installed setuid root, then the ssh client should drop privileges
before loading the private user keys.
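
The ordering described in the message above, as an added example (not code from this thread or from OpenSSH): a set-uid program permanently gives up its privileges and only then opens the user's private key file for parsing. The function names and the ownership and mode check are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permanently drop set-uid/set-gid privileges to the invoking user; 0 or -1. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();
    /* Clear root's supplementary groups; only possible while still root. */
    if (old_euid == 0 && ruid != 0 && setgroups(1, &rgid) != 0)
        return -1;
    /* Group IDs first: after the uid drop we could no longer change them. */
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    /* Confirm the old IDs cannot be regained. */
    if ((old_egid != rgid && setegid(old_egid) == 0) ||
        (old_euid != ruid && seteuid(old_euid) == 0))
        return -1;
    return 0;
}

/* Open a key file for parsing only once unprivileged; returns an fd or -1. */
int open_user_key(const char *path)
{
    struct stat st;
    int fd;
    if (geteuid() != getuid() || getegid() != getgid())
        return -1;                      /* still privileged: do not parse */
    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || (st.st_mode & 077) != 0) {
        close(fd);                      /* not ours, or group/other access */
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = -1;
    if (argc == 2 && drop_privileges_permanently() == 0)
        fd = open_user_key(argv[1]);    /* a key parser would read fd here */
    return fd < 0;
}
```

With this ordering, a parser fault triggered by a crafted key file occurs in a process that holds only the invoking user's own privileges.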