Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

From: Eric Griffis (egriffisat_private)
Date: Thu Sep 30 1999 - 12:04:14 PDT


    This race condition was pointed out to me a little while before my message
    made it to the list, and I am still puzzled as to how one would get the
    timing right to perform such a maneuver. Is there a way to somehow detect
    that there's been an lstat performed without being superuser?
    
    Also, I think the amount of processor time it takes to create a symbolic
    link is multiple times larger than the amount of time between the return of
    lstat and actual socket creation, which would require the sshd process to
    hang temporarily or be seriously slowed down. Is that feasible?
    
    How would these things be done, or is there something I missed? I'm very
    familiar with C and the unix environment, but the security-related aspects
    still puzzle me somewhat. Even though this isn't the most critical security
    issue, I appreciate any feedback.
    
    Okay, I see a few other messages about popen, permissions and such... At the
    moment, I believe disabling remote agent services entirely is the only sure
    way to remedy the whole issue, which will require password authentication.
    And sshd needs to be run as root to perform authentication. I don't think
    there's an easy way around that one.
    
    -Eric
    
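The check-then-create gap discussed above (an lstat() on a path in a shared directory, followed by socket creation at that path) is easier to remove than to reason about timing-wise. The following is an added example, not code from this thread or from ssh 1.2.27: the socket is created inside a freshly made mode-0700 directory from mkdtemp(), so no other user can have placed anything at the path beforehand, and bind() itself refuses an existing node. The directory template, file names and function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Listening AF_UNIX socket inside a brand-new mode-0700 directory (constructed
 * names: /tmp/agentsock-XXXXXX/agent.<pid>). mkdtemp() returns a directory no
 * other user could have populated, so there is no pre-existing path to swap a
 * symlink into. Fills `dir` and `path`; returns the listening fd, or -1. */
int create_private_socket(char *dir, size_t dirlen, char *path, size_t pathlen)
{
    char tmpl[] = "/tmp/agentsock-XXXXXX";     /* template filled by mkdtemp */
    struct sockaddr_un sun;
    int fd;
    if (mkdtemp(tmpl) == NULL)
        return -1;
    memset(&sun, 0, sizeof sun);
    sun.sun_family = AF_UNIX;
    snprintf(sun.sun_path, sizeof sun.sun_path, "%s/agent.%ld", tmpl, (long)getpid());
    /* bind() creates the node and fails if anything is already there: no lstat() needed. */
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sun, sizeof sun) < 0 || listen(fd, 5) < 0) {
        if (fd >= 0) close(fd);
        rmdir(tmpl);
        return -1;
    }
    snprintf(dir, dirlen, "%s", tmpl);
    snprintf(path, pathlen, "%s", sun.sun_path);
    return fd;
}

/* Post-condition to assert or log: directory is ours and 0700; path is a socket we own (lstat, so not a symlink). */
int socket_is_private(const char *dir, const char *path)
{
    struct stat d, s;
    if (lstat(dir, &d) < 0 || !S_ISDIR(d.st_mode) || d.st_uid != geteuid()
        || (d.st_mode & 077) != 0)
        return 0;
    return lstat(path, &s) == 0 && S_ISSOCK(s.st_mode) && s.st_uid == geteuid();
}

/* Tear down in reverse order: socket node first, then the private directory. */
void destroy_private_socket(int fd, const char *dir, const char *path)
{
    close(fd);
    unlink(path);
    rmdir(dir);
}
```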



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:19 PDT