Bugtraq mailing list archives
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
From: Chris.Keane () COMLAB OX AC UK (Chris Keane)
Date: Fri, 1 Oct 1999 19:39:20 +0100
On Thu, 30 Sep 1999, "JL" = Jeff Long wrote:
JL> Seeing the race problems with the previous two patches I thought I JL> would take a shot at one. It changes the effective uid/gid to the JL> user logging in before doing the bind() (and then resets them after) JL> which seems to take care of the problem. [ ... ] The bind() will JL> fail if a symlink exists to a file that the user would normally not JL> be able to write to (such as /etc/nologin). Surely this still isn't ideal, though? It now won't overwrite root-owned files, so the security hazard isn't there, but anyone on the system can still fool a user into overwriting one of his own files, which is not great. Or have I missed something? Cheers, Chris. ------------------------------------------------------------------- ><> --- Hardware Compilation Group, Oxford University Computing Laboratory, Wolfson Building, Parks Road, Oxford, OX1 3QD, U.K. tel: +44 (1865) (2)73865 e-mail: Chris.Keane () comlab ox ac uk http://www.comlab.ox.ac.uk/oucl/users/chris.keane/
Current thread:
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy], (continued)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Casper Dik (Oct 01)
- RFP9904: TeamTrack webserver vulnerability .rain.forest.puppy. (Oct 02)
- Fix for ssh-1.2.27 symlink/bind problem Scott Gifford (Oct 02)
- Re: Fix for ssh-1.2.27 symlink/bind problem Eivind Eklund (Oct 04)
- Re: Fix for ssh-1.2.27 symlink/bind problem Toomas Kiisk (Oct 05)
- Re: Fix for ssh-1.2.27 symlink/bind problem Olaf Seibert (Oct 04)
- Re: Fix for ssh-1.2.27 symlink/bind problem Dan Astoorian (Oct 05)
- Weakness In "The Matrix" Screensaver For Windows Boyce, Nick (Oct 04)
- Re: Weakness In "The Matrix" Screensaver For Windows Glenn Walker (Oct 05)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Chris Keane (Oct 01)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Oct 04)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Oct 04)
- FireWall-1 weakness? Rosner, D (Oct 04)
- WIn98 port security query Jay R. Ashworth (Oct 01)