Re: Ports 0-1023?

From: Blue Boar (BlueBoarat_private)
Date: Mon Jul 08 2002 - 10:38:16 PDT

Next message: Robert Bihlmeyer: "Re: Ports 0-1023?"

Previous message: Amoediun Trepcoze: "RE: Default passwords for TSO and CICS ?"
In reply to: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: Ports 0-1023?"
Reply: Robert Bihlmeyer: "Re: Ports 0-1023?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Robert Bihlmeyer wrote:
> What's the point in stripping root from sshd if it is able to run a
> shell as any user (including root)?

With the proposed change, sshd could only get root if someone with the 
actual root password comes along and hands it to the sshd.  With the 
existing scheme, any remote vulnerabilities in the sshd code that happen 
before it can drop privs will yield root without the password for the root 
account.

Which is exactly what I was after.

						BB

Next message: Robert Bihlmeyer: "Re: Ports 0-1023?"
Previous message: Amoediun Trepcoze: "RE: Default passwords for TSO and CICS ?"
In reply to: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: Ports 0-1023?"
Reply: Robert Bihlmeyer: "Re: Ports 0-1023?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 12:17:15 PDT