Re: OpenSSH 3.4p1 Privsep

From: ericat_private
Date: Tue Sep 17 2002 - 09:24:08 PDT


    On Mon, 2002-09-16 at 17:48:42 -0400, Andrew Danforth wrote...
    
    ; During authentication, OpenSSH 3.4p1 with privsep enabled passes the
    ; cleartext password from the main process to the privsep child using a
    ; pipe.  Using strace or truss, root can see the user's plaintext password
    ; flying by.  I observed this behavior from OpenSSH 3.4p1 built using GCC on
    ; Solaris 2.8 and the current Debian OpenSSH 3.4p1 package.
    
    This appears to not happen on FreeBSD using the OpenSSH 3.4p1 source
    (not the FreeBSD distro). Also, it doesn't happen when using pub/priv
    key authentication, as far as I can tell.
    
    -#0
    


