Re: OpenSSH 3.4p1 PrivilegeSeparation experiment

From: Aaron.Haydenat_private
Date: Sat Jun 29 2002 - 14:54:13 PDT


    Hi,
    Here is a conglomeration response to the many emails I received.
    
      point: it is a _feature_ that makes it easy to upgrade versions.
    
    Perhaps it is.  Or maybe it is just easier for sshd to ignore processes
    forked to continue sessions while it handles its own signals.  This is
    of course not necessary behavior for upgrading OpenSSH remotely.
    
      point: why would you expect current sessions to reread config?
    
    Well, I wouldn't.  But I would expect terminations of sessions spawned
    under the original's configuration (all connections in my example).  In
    other words, I'd not expect all ssh daemons to die, but sessions run by
    the sshd process I kill should halt.
    
      point: vuln-dev?
    
    No, not really.  I only realized sshd does this on SIGHUP reading the
    source a few days ago.  If it surprises you like it does me, then sure,
    you're vulnerable.
    
    -- 
                                             
      . .;i  Aaron.Haydenat_private  i;. .
       '` !     hayden.offwhite.net     ! `'
    
    : 'Knowledge of self is like life after death.'
    
    
    


