Bugtraq mailing list archives
Re: Fix for ssh-1.2.27 symlink/bind problem
From: vix () CYBER EE (Toomas Kiisk)
Date: Tue, 5 Oct 1999 22:08:00 +0300
On Mon, 4 Oct 1999, Eivind Eklund wrote:

> On Sat, Oct 02, 1999 at 06:38:46PM -0400, Scott Gifford wrote:
> > I've put together a patch that lets ssh work around the OS bug that allows bind to follow symlinks.
>
> There isn't general consensus that this is an OS bug. We (as in FreeBSD) have installed a workaround consisting of blocking symlink following for the case, but we have not yet decided if we should make this permanent.

Look at bind(2) definition of latest Single UNIX spec, and pay special attention to errno values (ELOOP is there).

> In my opinion, ssh is clearly the buggy party here; not following symlinks in the OS is just a workaround to avoid buggy programs causing problems.
Right.

--
vix
http://home.cyber.ee/vix/pubkey.asc
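The position taken in the thread is that the program, not bind(2), has to make sure the socket path cannot be a planted symlink. The sketch below is an added example, not part of the original message and not the ssh patch under discussion: the function name `bind_in_private_dir` is hypothetical, and it assumes the caller created `dir` with mkdtemp().

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: bind an AF_UNIX socket at dir/name without depending
 * on whether the OS lets bind(2) follow symlinks. Returns the socket fd, or
 * -1 with errno set. */
int bind_in_private_dir(const char *dir, const char *name)
{
    struct sockaddr_un sa;
    struct stat st;
    int fd;

    /* The directory must be ours and closed to group/other, so no other
     * user can create or swap entries in it between the checks and bind().
     * An lstat() check in a shared directory such as /tmp would be racy. */
    if (lstat(dir, &st) < 0) return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & 077)) {
        errno = EPERM;
        return -1;
    }
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if (snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, name)
            >= (int)sizeof sa.sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* Anything already at the path is an error. lstat() does not follow a
     * final symlink, so a dangling link is caught as well. */
    if (lstat(sa.sun_path, &st) == 0) { errno = EEXIST; return -1; }
    if (errno != ENOENT) return -1;

    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) goto fail;
    /* Confirm that the node now at the path is a socket we own. */
    if (lstat(sa.sun_path, &st) < 0) goto fail;
    if (!S_ISSOCK(st.st_mode) || st.st_uid != geteuid()) { errno = EPERM; goto fail; }
    return fd;
fail:
    { int e = errno; close(fd); errno = e; }
    return -1;
}
```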