Full Disclosure mailing list archives
Re: SSH Exploit Request
From: Valdis.Kletnieks () vt edu
Date: Sat, 15 Nov 2003 22:55:02 -0500
On Sat, 15 Nov 2003 20:56:51 EST, Vladimir Parkhaev said:

> The fact is, upgrading sshd (not XYZ!) does not require reboot

Normally, yes.

> and does not affect any other processes that server runs.

Again, normally yes. But if you believe it's *impossible* for a run-away process to not affect other processes, I suggest you go read up on fork bombs, the numerous ways that various OOM-killers in the Linux kernel have proven deficient, and a lot of other related issues.

> If you don't believe me, just... try it :)

I've *been* trying it since it was ssh.com's version 1.2.<verysmallN> or so. Has worked reasonably every time, except for the one time I built it on an IRIX 6.5.N and installed it on 6.5.M, where M<N. It promptly ran afoul of an API change, went runaway, and earned me a trip to the data center to unsnarl things at the console. (I also hit a similar problem when the sshd was linked on an AIX system with the 4.3.3.75 version of libc, but tried to run on a pre-.75 version, but *that* one promptly died a quick and horrible death without impacting anything else).

<estimates number of SSH versions times number of machines, and gets at least 4 digits> So we've got some 99.98% reliability in installing sshd without disruption. But 99.98 isn't 100 unless you work at Intel.

And my point is that anybody who's running a production system who is installing *ANYTHING* with the attitude "this can't *possibly* fail" is looking for a VERY rude awakening when it *does* fail.

So tell me - do you trust the installs enough to just do it and logout without bothering trying to ssh in to make sure it works first? ;)