Bugtraq mailing list archives

Re: OpenSSH 3.4p1 Privsep

From: eric () catastrophe net
Date: Tue, 17 Sep 2002 11:24:08 -0500

On Mon, 2002-09-16 at 17:48:42 -0400, Andrew Danforth wrote...

; During authentication, OpenSSH 3.4p1 with privsep enabled passes the
; cleartext password from the main process to the privsep child using a
; pipe.  Using strace or truss, root can see the user's plaintext password
; flying by.  I observed this behavior from OpenSSH 3.4p1 built using GCC on
; Solaris 2.8 and the current Debian OpenSSH 3.4p1 package.

This appears to not happen on FreeBSD using the OpenSSH 3.4p1 source
(not the FreeBSD distro). Also, it doesn't happen when using pub/priv
key authentication, as far as I can tell.

-#0

Current thread:

OpenSSH 3.4p1 Privsep Andrew Danforth (Sep 18)
- Re: OpenSSH 3.4p1 Privsep eric (Sep 18)
- Re: OpenSSH 3.4p1 Privsep Artem Chuprina (Sep 18)
- Re: OpenSSH 3.4p1 Privsep Just Marc (Sep 18)
- Re: OpenSSH 3.4p1 Privsep Peter J. Holzer (Sep 19)