Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

ssh quirks...

From: scott () SCOTTYELICH COM (Scott D. Yelich)
Date: Sun, 26 Dec 1999 06:39:56 -0700

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 25 Dec 1999, Stanislav N. Vardomskiy wrote:

On Tue, 21 Dec 1999, Warner Losh wrote:

At best you can get a file in /etc/ that is owned by yourself.

This just *might* be a problem.

[DELETED]

Lastly, a simplest denial of service, creating /etc/nologin can disrupt
the service.


SSH seems very finicky... in many ways.  Unless this has been changed
in recent versions, it's also possible to disrupt/deny ssh service
if the directory *above* a login id's home directory isn't readable.

Can anyone explain what *that* requirement is for?

Scott
ps: Also, as a side note, scp seems to ignore alternative-login in ssh.
I'm not sure if that's a feature or a bug -- I consider it a bug and
thus have disabled scp on sites where I use alternative-login.
pps: 1.2.26

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOGYarB4PLs9vCOqdAQH01gQA3NRhNlkjozdW6lb/FRsmOXWF3Y9quMzr
dQw804dEZ4CtkkTPX5rEoReKCAXvFn2FM6ZXOOYAYLytw7mXMHWvYmcbc25/MtR7
YoJYnb/OKDfSLc50GZmJUEEv8JmS5gG51AAyWvHggnWqnhUocz7pu6kVXv4YhjmA
kOTd77t3bU4=
=CNt9
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: