Re: OpenSSH Vulns (new?) Priv separation

From: Valdis.Kletnieksat_private
Date: Wed Jun 26 2002 - 10:07:31 PDT

  • Next message: John Madden: "Re: OpenSSH Vulns (new?) Priv separation"

    On Tue, 25 Jun 2002 12:00:54 PDT, wirepair <wirepairat_private>  said:
    
    > "However, with privileges separation turned on, you are 
    > immune from at least one remote hole."
    > At least one? Jesus, how many are there? Any information 
    > would be appreciated....
    
    We know there's a known-but-not-widely-disclosed hole, so the statement
    is technically correct as it stands - at least one remote hole.
    
    The point they were trying to make (perhaps poorly) was that if you enable
    privilege separation, it closes off *entire classes* of attacks - things that
    will be stopped because they can't work around the separation.  Even if a
    second remote exploit is found/disclosed, all it gets the attacker is a
    very stripped down chroot'ed running-as-nobody jail cell.
    
    Now of course, it may be possible to mount an attack on the separation
    mechanism itself - but that *still* raises the bar considerably to get a full
    remote-root compromise.
    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
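The message above describes the mechanism in prose: a privileged monitor keeps a chroot'ed, unprivileged child at arm's length and only answers a narrow set of requests, so a child compromise buys the attacker a jail cell rather than root. The following is an added example of that monitor/child pattern; it is not OpenSSH's code. The jail directory `/var/empty`, the uid/gid 65534, the single `AUTH` request verb and the two-entry user table are all assumptions made up for the demo.

```c
/* Added demo of the monitor/child privilege-separation pattern. Not OpenSSH
 * code: the "AUTH" verb, the user table, JAIL_* values are made up here. */
#define _DEFAULT_SOURCE
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>

#define MSG_MAX  256
#define JAIL_DIR "/var/empty"   /* assumed empty, root-owned directory */
#define JAIL_UID 65534          /* assumed unprivileged ids (nobody) */
#define JAIL_GID 65534

/* Constructed stand-in for the real authentication database. */
static const char *known_users[] = { "alice", "bob" };

/* Confine the caller: chroot, drop supplementary groups, gid then uid, and
 * verify root cannot be regained. Needs root; 0 on success, -1 on failure. */
static int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;      /* still root: refuse to continue */
    return 0;
}

/* The monitor's entire attack surface: one allowlisted verb. Anything else a
 * (possibly compromised) child sends is refused, not acted on.
 * Returns 0 granted, 1 denied, -1 refused or malformed; text goes in reply. */
static int monitor_dispatch(const char *request, char *reply, size_t len)
{
    char verb[16], arg[MSG_MAX];
    size_t i;
    if (sscanf(request, "%15s %255s", verb, arg) != 2) {
        snprintf(reply, len, "ERR malformed request");
        return -1;
    }
    if (strcmp(verb, "AUTH") != 0) {
        snprintf(reply, len, "ERR verb '%s' not permitted", verb);
        return -1;
    }
    for (i = 0; i < sizeof known_users / sizeof known_users[0]; i++)
        if (strcmp(arg, known_users[i]) == 0) {
            snprintf(reply, len, "OK user=%s", arg);
            return 0;
        }
    snprintf(reply, len, "DENY user=%s", arg);
    return 1;
}

/* Verdict only, for callers that do not need the reply text. */
static int monitor_verdict(const char *request)
{
    char reply[MSG_MAX];
    return monitor_dispatch(request, reply, sizeof reply);
}

int main(void)
{
    /* The last two requests model what an attacker owning the child would try. */
    static const char *requests[] =
        { "AUTH alice", "AUTH mallory", "EXEC /bin/sh", "READ /etc/shadow" };
    char req[MSG_MAX], reply[MSG_MAX];
    ssize_t n;
    size_t i;
    int sv[2];
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || (pid = fork()) < 0) {
        perror("socketpair/fork");
        return 1;
    }
    if (pid == 0) {                         /* unprivileged child */
        close(sv[0]);
        if (geteuid() == 0 && drop_privileges(JAIL_DIR, JAIL_UID, JAIL_GID) != 0)
            _exit(2);                       /* never proceed still privileged */
        for (i = 0; i < sizeof requests / sizeof requests[0]; i++) {
            if (write(sv[1], requests[i], strlen(requests[i]) + 1) < 0) _exit(3);
            if ((n = read(sv[1], reply, sizeof reply - 1)) <= 0) _exit(3);
            reply[n] = '\0';
            printf("child uid=%u  %-18s -> %s\n", (unsigned)getuid(), requests[i], reply);
        }
        fflush(stdout);
        _exit(0);
    }
    close(sv[1]);                           /* privileged monitor, lockstep replies */
    while ((n = read(sv[0], req, sizeof req - 1)) > 0) {
        req[n] = '\0';
        monitor_dispatch(req, reply, sizeof reply);
        if (write(sv[0], reply, strlen(reply)) < 0) break;
    }
    waitpid(pid, NULL, 0);
    return 0;
}
```

Run as root it really jails the child (and aborts rather than continue if the drop fails); run unprivileged it skips the drop and still shows the monitor refusing every request outside its allowlist, which is the "entire classes of attacks" point. On an OpenSSH 3.3 server the corresponding switch is `UsePrivilegeSeparation yes` in sshd_config; the check that it took effect is a child sshd process in `ps` owned by the unprivileged sshd user rather than root.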
    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:47:31 PDT