RE: OpenSSH Vulns (new?) Priv seperation

From: Peter Mueller (pmuellerat_private)
Date: Wed Jun 26 2002 - 12:56:32 PDT

Next message: Valdis.Kletnieksat_private: "Re: OpenSSH Vulns (new?) Priv seperation"

Previous message: Joe Testa: "Re: Java and buffer overflows"
Maybe in reply to: wirepair: "OpenSSH Vulns (new?) Priv seperation"
Next in thread: Michal Zalewski: "RE: OpenSSH Vulns (new?) Priv seperation"
Next in thread: Valdis.Kletnieksat_private: "Re: OpenSSH Vulns (new?) Priv seperation"
Reply: Michal Zalewski: "RE: OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> "However, with privileges separation turned on, you are 
> immune from at least one remote hole."
> at least one? Jesus how many are there? any information 
> would be appreciated....
> -wire
"
Basically, OpenSSH sshd(8) is something like 27000 lines of code.  A
lot of that runs as root.  But when UsePrivilegeSeparation is enabled,
the daemon splits into two parts.  A part containing about 2500 lines
of code remains as root, and the rest of the code is shoved into a
chroot-jail without any privs.  This makes the daemon less vulnerable
to attack.
"

reducing root-run code from 27000 to 2500 lines is the important part.  who
cares how many holes there are when it is in /var/empty/sshd chroot with no
possibility of root :)

Peter

PS - agreed that his choice of wording is "interesting"...

Next message: Valdis.Kletnieksat_private: "Re: OpenSSH Vulns (new?) Priv seperation"
Previous message: Joe Testa: "Re: Java and buffer overflows"
Maybe in reply to: wirepair: "OpenSSH Vulns (new?) Priv seperation"
Next in thread: Michal Zalewski: "RE: OpenSSH Vulns (new?) Priv seperation"
Next in thread: Valdis.Kletnieksat_private: "Re: OpenSSH Vulns (new?) Priv seperation"
Reply: Michal Zalewski: "RE: OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:41:43 PDT