Bugtraq mailing list archives

Re: [Fwd: Truth about ssh 1.2.27 vulnerability]


From: Chris.Keane () COMLAB OX AC UK (Chris Keane)
Date: Fri, 1 Oct 1999 19:39:20 +0100


On Thu, 30 Sep 1999, "JL" = Jeff Long wrote:

  JL> Seeing the race problems with the previous two patches I thought I
  JL> would take a shot at one.  It changes the effective uid/gid to the
  JL> user logging in before doing the bind() (and then resets them after)
  JL> which seems to take care of the problem.  [ ... ]  The bind() will
  JL> fail if a symlink exists to a file that the user would normally not
  JL> be able to write to (such as /etc/nologin).

Surely this still isn't ideal, though?  It now won't overwrite root-owned
files, so the security hazard isn't there, but anyone on the system can
still fool a user into overwriting one of his own files, which is not
great.

Or have I missed something?

Cheers,
Chris.

------------------------------------------------------------------- ><> ---
    Hardware Compilation Group, Oxford University Computing Laboratory,
            Wolfson Building, Parks Road, Oxford, OX1 3QD, U.K.
    tel:  +44 (1865) (2)73865      e-mail:  Chris.Keane () comlab ox ac uk
            http://www.comlab.ox.ac.uk/oucl/users/chris.keane/
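As an added example, not code from this thread nor from the ssh 1.2.27 patch it discusses: one way to combine the effective uid/gid switch Jeff describes with a check that answers the objection above, by insisting the socket lives in a private, user-owned 0700 directory so that no other user can plant a symlink there in the first place. The helper and self-check names are hypothetical; it assumes a POSIX system with unix-domain sockets.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper, not the 1.2.27 patch: bind a unix socket at `path` for
 * uid/gid.  The parent must be a real directory owned by uid with mode 0700, so
 * no other user can plant a symlink in it (Chris's point); nothing may already
 * exist at `path`; and bind() runs with the user's effective ids, as the quoted
 * patch does.  Returns the bound fd, or -1 with errno set. */
int bind_user_socket(const char *path, uid_t uid, gid_t gid)
{
    struct sockaddr_un sa; struct stat st; char dir[sizeof sa.sun_path];
    const char *slash = strrchr(path, '/');
    uid_t su = geteuid(); gid_t sg = getegid(); int fd, rc;
    if (!slash || slash == path || strlen(path) >= sizeof sa.sun_path) {
        errno = EINVAL; return -1;
    }
    memcpy(dir, path, slash - path); dir[slash - path] = '\0';
    if (lstat(dir, &st) < 0) return -1;          /* lstat: a symlinked dir fails too */
    if (!S_ISDIR(st.st_mode) || st.st_uid != uid || (st.st_mode & 077)) {
        errno = EACCES; return -1;
    }
    if (lstat(path, &st) == 0) { errno = EEXIST; return -1; }
    if (errno != ENOENT) return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    memset(&sa, 0, sizeof sa); sa.sun_family = AF_UNIX; strcpy(sa.sun_path, path);
    /* switch to the user around bind(); on the way back regain the uid first */
    if (setegid(gid) < 0 || seteuid(uid) < 0) { close(fd); return -1; }
    rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    if (seteuid(su) < 0 || setegid(sg) < 0) rc = -1;
    if (rc < 0) { close(fd); return -1; }
    return fd;
}
/* Self-check on constructed input: a fresh mkdtemp (0700) dir binds, a planted
 * symlink is refused.  Returns 0 on success, else the number of the failing step. */
int bind_user_socket_selftest(void)
{
    char d[] = "/tmp/agentXXXXXX", p[sizeof d + 8]; int fd;
    if (!mkdtemp(d)) return 1;
    strcpy(p, d); strcat(p, "/agent");
    if ((fd = bind_user_socket(p, getuid(), getgid())) < 0) return 2;
    close(fd); unlink(p);
    if (symlink("/etc/nologin", p) < 0) return 3;    /* the file named in the thread */
    if (bind_user_socket(p, getuid(), getgid()) != -1 || errno != EEXIST) return 4;
    unlink(p); rmdir(d); return 0;
}
```

The directory check is what removes the race for other users: once only the user and root can create entries in it, the lstat-then-bind window is no longer something a third party can exploit.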

