Full Disclosure mailing list archives

Re: SSH Exploit Request


From: Valdis.Kletnieks () vt edu
Date: Sat, 15 Nov 2003 22:55:02 -0500

On Sat, 15 Nov 2003 20:56:51 EST, Vladimir Parkhaev said:

> The fact is, upgrading sshd (not XYZ!) does not require reboot

Normally, yes.

> and does
> not affect any other processes that server runs.

Again, normally yes. But if you believe it's *impossible* for a run-away
process to not affect other processes, I suggest you go read up on fork bombs,
the numerous ways that various OOM-killers in the Linux kernel have proven
deficient, and a lot of other related issues.

> If you don't believe
> me, just... try it :)

I've *been* trying it since it was ssh.com's version 1.2.<verysmallN>
or so. Has worked reasonably every time, except for the one time I built it on
an IRIX 6.5.N and installed it on 6.5.M, where M<N.  It promptly ran afoul
of an API change, went runaway, and earned me a trip to the data center to
unsnarl things at the console.  (I also hit a similar problem when the
sshd was linked on an AIX system with the 4.3.3.75 version of libc, but
tried to run on a pre-.75 version, but *that* one promptly died a quick
and horrible death without impacting anything else).

<estimates number of SSH versions times number of machines, and gets at
least 4 digits>  So we've got some 99.98% reliability in installing sshd
without disruption.  But 99.98 isn't 100 unless you work at Intel.
And my point is that anybody who's running a production system who is
installing *ANYTHING* with the attitude "this can't *possibly* fail" is
looking for a VERY rude awakening when it *does* fail.

So tell me - do you trust the installs enough to just do it and logout
without bothering trying to ssh in to make sure it works first? ;)
