Bugtraq mailing list archives

Re: Paranoid? Running SSHD as normal users. (rethink)


From: eparker () MINDSEC COM (Erik Parker)
Date: Fri, 6 Aug 1999 13:29:27 -0600


pc () cyclotron bombshelter net pointed out to me:

This could be good.. But this could be bad. Running on a system without
the shadow password suite, then this would work very easily,
running on a machine with a shadow password suite, it would at least
require the shadow file to be group writeable to the GID you run
the program as. Which in most cases, shadow passwords are never readable
to a regular users group, otherwise what is the point of the shadow suite?

require the shadow file to be group READABLE.. Which again, it never
should be group readable to average users. However a lot of machines have
a group readable program, for programs like xlock, and other ones that
don't need to run as root, but do need to read that file.

The good: If SSH had a remote BO, the only thing compromised is anything
         in the group that /etc/shadow was r+w by.

And another mistake, obviously, if the shadow file is r+w to the person
who compromised it, they own the entire box. I don't know how I overlooked
that statement. I meant g+r, so it's group readable..

And as Alan Cox pointed out..

It might mean more trouble for the user logged in that way, if it was
being used in a legitimate way.. Because whoever owned the tty they are
sitting on, could easily write to their term.

Erik Parker
eparker () mindsec com
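
The distinction drawn in the post above (g+r versus r+w on the shadow file, for the group a non-root sshd runs under) can be checked mechanically. This is an added example, not part of the original post; the function names, the uid 1001 and the gid 42 are constructed for illustration.

```python
# Added example: what a non-root daemon account can do to the shadow file,
# given the file's mode/owner/group and the daemon's uid and group set.

def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx bits (0-7) that apply to this process.

    POSIX picks exactly one permission class: owner if the uid matches,
    else group if any of the process's gids matches, else other.
    The classes are never combined.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def shadow_exposure(mode, file_uid, file_gid, uid, gids):
    """Classify the exposure: 'none', 'read' (hashes visible to the
    daemon account) or 'write' (any account's entry can be rewritten)."""
    if uid == 0:
        return "write"  # root bypasses the mode bits
    bits = class_bits(mode, file_uid, file_gid, uid, gids)
    if bits & 2:
        return "write"
    if bits & 4:
        return "read"
    return "none"


if __name__ == "__main__":
    # Constructed cases: shadow owned by root (uid 0), daemon runs as uid 1001.
    cases = [
        ("g+r, daemon in file's group", 0o640, 0, 42, 1001, {42}),
        ("g+rw, daemon in file's group", 0o660, 0, 42, 1001, {42}),
        ("root-only file", 0o600, 0, 0, 1001, {1001}),
        ("g+r, daemon not in group", 0o640, 0, 42, 1001, {1001}),
    ]
    for label, mode, fuid, fgid, uid, gids in cases:
        result = shadow_exposure(mode, fuid, fgid, uid, gids)
        print(f"{label:30} mode={mode:04o} -> {result}")
```

On a live system the same inputs come from os.stat("/etc/shadow") and the daemon account's uid and group memberships.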

