Bugtraq mailing list archives
Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
From: syl () ALCOR CONCORDIA CA (Sylvain Robitaille)
Date: Mon, 4 Oct 1999 12:36:59 -0400
Chris Keane wrote:
> Surely this still isn't ideal, though? It now won't overwrite root-owned
> files, so the security hazard isn't there, but anyone on the system can
> still fool a user into overwriting one of his own files, which is not
> great.

No. The code in newchannels.c checks to make sure that the directory where the socket is about to be created is owned by the user, and readable/writable only to this user. A user could create a symbolic link that points to some file in a directory they already have write permission to, but that's no big feat.

(Existing files aren't overwritten by bind() either, even when symlinks are followed. If the symlink target exists, bind() returns "address in use". At least that's the case on Digital Unix.)

Jeff's patch implements an approach that Dan Astoorian suggested to me off the list, and we both agree it is a reasonable approach.

--
----------------------------------------------------------------------
Sylvain Robitaille                          syl () alcor concordia ca
Systems Manager                                  Concordia University
Instructional & Information Technology       Montreal, Quebec, Canada
----------------------------------------------------------------------
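
The two behaviours discussed in the message above can be checked on a given system with the following added example, which is not part of the original post and is not code from ssh: it tests whether a directory is owned by the user with no group/other access, and whether bind() on a Unix-domain socket refuses a path that is a symlink to an existing file while leaving that file untouched. The helper names (`dir_is_private`, `bind_errno`, `bind_over_symlink`) and the `/tmp` paths are hypothetical and constructed for the test.

```c
/* Added example: hypothetical helper names, constructed paths under /tmp. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 1 if dir is a real directory owned by uid with no group/other access. */
int dir_is_private(const char *dir, uid_t uid) {
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    return st.st_uid == uid && (st.st_mode & 077) == 0;
}

/* Try to bind a Unix socket at path; return 0 on success, else errno. */
int bind_errno(const char *path) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0), err = 0;
    if (fd < 0) return errno;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) err = errno;
    close(fd);
    return err;
}

/* Create a file and a symlink to it in a fresh 0700 directory, then bind
   to the symlink. Returns bind's errno, or -1 if setup failed or the
   existing file was modified or replaced. */
int bind_over_symlink(void) {
    char dir[] = "/tmp/bindXXXXXX", file[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir) || !dir_is_private(dir, getuid())) return -1;
    snprintf(file, sizeof file, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/sock", dir);
    FILE *f = fopen(file, "w");
    if (!f || fputs("data\n", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(file, lnk) != 0) return -1;
    int err = bind_errno(lnk);
    int intact = stat(file, &st) == 0 && S_ISREG(st.st_mode) && st.st_size == 5;
    unlink(lnk); unlink(file); rmdir(dir);
    return intact ? err : -1;
}

int main(void) {
    printf("bind over symlink: %s\n", strerror(bind_over_symlink()));
    return 0;
}
```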