On Mon, Oct 25, 1999 at 07:05:01PM -0400, Wietse Venema wrote:
> I was talking about seteuid(), which leaves real uid == 0, so that
> the process remains protected against groping by unprivileged users.

all I was trying to say is:

1) ssh _did_ use seteuid() for swapping uids (until version 1.2.12. ossh and openssh still use seteuid() and are not vulnerable to this attack).
2) post-ssh-1.2.12 uses a different, more complex approach and fails.
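The seteuid() swap discussed in this message, as an added example; it is not code from ssh, ossh or openssh, nor from either poster. The names `run_as_euid` and `record_ids` and the uid 65534 are hypothetical, chosen for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct ids { uid_t ruid, euid; };

/* Callback used below: records the ids the process has while it runs. */
static int record_ids(void *p)
{
    struct ids *seen = p;
    seen->ruid = getuid();
    seen->euid = geteuid();
    return 0;
}

/* Run fn(arg) with the effective uid switched to `target`, then switch back.
 * Only the effective uid is changed; the real uid stays as it was.
 * Returns 0 on success, -1 if the switch failed (fn is not run),
 * -2 if the original ids were not in place again afterwards. */
int run_as_euid(uid_t target, int (*fn)(void *), void *arg, int *result)
{
    uid_t ruid = getuid();
    uid_t saved_euid = geteuid();

    /* Never run fn unless the switch really happened. */
    if (seteuid(target) != 0)
        return -1;
    *result = fn(arg);

    /* Swap back and verify both ids before continuing. */
    if (seteuid(saved_euid) != 0 || geteuid() != saved_euid || getuid() != ruid)
        return -2;
    return 0;
}

int main(void)
{
    struct ids seen;
    int result;
    /* Assumption: 65534 is an unprivileged uid on this system. */
    uid_t target = (geteuid() == 0) ? (uid_t)65534 : geteuid();

    if (run_as_euid(target, record_ids, &seen, &result) != 0) {
        perror("run_as_euid");
        return 1;
    }
    printf("during swap: ruid=%ld euid=%ld\n", (long)seen.ruid, (long)seen.euid);
    printf("after swap:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Run as root, the first line shows ruid=0 alongside the unprivileged euid, which is the state the quoted text describes.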