Re: OpenSSH 3.4p1 Privsep

From: Peter J. Holzer (hjpat_private)
Date: Tue Sep 17 2002 - 11:09:03 PDT

    On 2002-09-16 17:48:42 -0400, Andrew Danforth wrote:
    > During authentication, OpenSSH 3.4p1 with privsep enabled passes the
    > cleartext password from the main process to the privsep child using a
    > pipe.  Using strace or truss, root can see the user's plaintext password
    > flying by. 
    
    Similar techniques work even without privilege separation, although they
    may not be so widely known or available.
    
    For example, on Linux there is a utility "ltrace", which traces library
    calls. And sure enough, I find the password I typed (which is not my
    real password, of course) in a call to memcpy:
    
    | strcmp("hjp", "hjp")                              = 0
    | strcmp("ssh-connection", "ssh-connection")        = 0
    | strcmp("password", "publickey")                   = -20
    | strcmp("password", "password")                    = 0
    | memcpy(0xbffff4b7, "", 1)                         = 0xbffff4b7
    | memcpy(0xbffff454, "", 4)                         = 0xbffff454
    | malloc(4)                                         = 0x0808fe90
    | memcpy(0x0808fe90, "foo", 3)                      = 0x0808fe90
                          ^^^ here it is.
    | pam_set_item(0x080984f0, 5, 0x08086118, 0x08096e20, 0x08096e20) = 0
    | pam_authenticate(0x080984f0, 1, 0x08086118, 0x08096e20, 0x08096e20
    | <unfinished ...>
    
    This is on a Redhat Linux 7.3 box with OpenSSH 3.1p1.
    
    
    > I observed this behavior from OpenSSH 3.4p1 built using GCC on
    > Solaris 2.8 and the current Debian OpenSSH 3.4p1 package.
    > 
    > Theo and Markus tell me that this is not an issue.  Theo says that you
    > cannot prevent root from determining a user's password.  I don't disagree,
    > but asked why OpenBSD bothers to encrypt user passwords at all if that is
    > his attitude.
    
    An unencrypted shadow password file would immediately disclose all
    passwords to the intruder. By sniffing passwords, the intruder only gets
    the passwords of the people who logged in using passwords during the
    time until he is discovered. Depending on the use of the system, this
    may make a difference. Also, password files are traditionally encrypted
    on Unix. Why should OpenBSD change that, even if it doesn't add much
    security?
    
    > The level of effort to determine cleartext passwords, for even the most
    > inexperienced Unix administrator, is almost zero given the above.  I
    
    If you don't trust the sysadmin, don't put anything secret on his
    computer. You should be concerned about people who get root privileges
    illegitimately, however. Any script kiddie who is able to download some
    l33t r00t exploiz is probably also able to find a trojaned sshd
    somewhere. I'm less sure if they know about strace, though :-)
    
    	hp
    
    -- 
       _  | Peter J. Holzer      | Aeltere Sources (also solche, die schon
    |_|_) | Sysadmin WSR / LUGA  | aelter als 12 Stunden sind) sollte man
    | |   | hjpat_private        | bei Linux generell nicht einsetzen -
    __/   | http://www.hjp.at/   | Real Time Linux??    -- Gerhard Schneider
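The ltrace session above relies on the tracer attaching to sshd with ptrace, and, as the reply notes, root cannot be prevented from doing that. What a defender can do is notice it: on Linux, every traced process reports its tracer in the `TracerPid` field of `/proc/<pid>/status`, so a periodic sweep can flag an sshd that is being watched. The following is an added example, not code from the original post or from OpenSSH; it assumes the standard Linux `/proc` layout, and the sample status contents embedded in it are constructed for the demonstration.

```python
"""Flag processes that currently have a ptrace tracer attached (strace,
ltrace, gdb, ...) by reading the TracerPid field of /proc/<pid>/status.

Added example for this thread; not part of OpenSSH or the original post.
Assumes the Linux procfs layout. A tracer that detaches between sweeps
is not seen, so this is a detection aid, not a preventive control."""
import os


def parse_status(text):
    """Turn the 'Key:\tvalue' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def traced_processes(statuses, name_filter=None):
    """statuses maps pid -> contents of that pid's status file.

    Returns a sorted list of (pid, name, tracer_pid) for every process
    whose TracerPid is non-zero, optionally restricted to one process name
    (e.g. "sshd")."""
    hits = []
    for pid, text in statuses.items():
        fields = parse_status(text)
        name = fields.get("Name", "")
        if name_filter is not None and name != name_filter:
            continue
        try:
            tracer = int(fields.get("TracerPid", "0"))
        except ValueError:
            continue
        if tracer != 0:
            hits.append((pid, name, tracer))
    return sorted(hits)


def read_live_statuses(proc_root="/proc"):
    """Collect status files for all running processes (Linux only).
    Processes that exit mid-read are skipped."""
    statuses = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                statuses[int(entry)] = fh.read()
        except OSError:
            continue
    return statuses


# Constructed sample: three status files as they would appear in /proc.
# pid 1234 is an sshd being traced by pid 4321; pid 2000 is an untraced
# sshd; pid 3000 is an unrelated traced process.
SAMPLE_STATUSES = {
    1234: "Name:\tsshd\nState:\tt (tracing stop)\nPid:\t1234\nTracerPid:\t4321\n",
    2000: "Name:\tsshd\nState:\tS (sleeping)\nPid:\t2000\nTracerPid:\t0\n",
    3000: "Name:\tbash\nState:\tt (tracing stop)\nPid:\t3000\nTracerPid:\t4400\n",
}


if __name__ == "__main__":
    # Sweep the real system if we are on Linux, otherwise show the sample.
    data = read_live_statuses() if os.path.isdir("/proc") else SAMPLE_STATUSES
    for pid, name, tracer in traced_processes(data, name_filter="sshd"):
        print(f"sshd pid {pid} is being traced by pid {tracer}")
```

Run as root (or any user able to read the status files) on a schedule, and feed the hits to whatever alerting the host already has; checking `State` as well would catch a process parked in tracing stop, but `TracerPid` is the authoritative field.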