Vulnerability Development mailing list archives

RE: OpenSSH Vulns (new?) Priv separation


From: Peter Mueller <pmueller () sidestep com>
Date: Wed, 26 Jun 2002 12:56:32 -0700

"However, with privileges separation turned on, you are 
immune from at least one remote hole."
at least one? Jesus how many are there? any information 
would be appreciated....
-wire
"
Basically, OpenSSH sshd(8) is something like 27000 lines of code.  A
lot of that runs as root.  But when UsePrivilegeSeparation is enabled,
the daemon splits into two parts.  A part containing about 2500 lines
of code remains as root, and the rest of the code is shoved into a
chroot-jail without any privs.  This makes the daemon less vulnerable
to attack.
"

reducing root-run code from 27000 to 2500 lines is the important part.  who
cares how many holes there are when it is in /var/empty/sshd chroot with no
possibility of root :)

Peter

PS - agreed that his choice of wording is "interesting"...
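The split Theo's advisory describes (a small privileged monitor, and the bulk of the code running without privileges in an empty chroot, able to ask the monitor only for a few specific operations) is easy to see in a toy. The following is an added illustration written for this archive page; it is not OpenSSH code and not part of the thread. The three-operation request vocabulary, the "demo" credential and the "nobody" account are constructed for the example; the point is that the privileged side only ever runs the small dispatch function, and refuses anything outside its vocabulary.

```python
"""Toy privilege-separation pattern (added example, not OpenSSH code):
a small privileged monitor serves a narrow set of requests from an
unprivileged worker over a socketpair.  The worker chroots into an
empty directory and drops to an unprivileged user before doing any
real work, so a bug in the worker yields no root and no filesystem."""
import json
import os
import pwd
import socket
import tempfile

# Constructed request vocabulary: the only things the worker may ask for.
# sshd's monitor additionally tracks protocol state so that each request
# is honoured only in the phase where it makes sense.
ALLOWED_OPS = {"auth_password", "sign_host_key", "pty_open"}

# Constructed credential standing in for a real PAM/shadow lookup.
_DEMO_USER, _DEMO_PASSWORD = "demo", "correct horse battery staple"


def monitor_dispatch(request) -> dict:
    """Privileged side.  Validate one worker request and serve it.

    Never raises on malformed input: an exception here would take the
    privileged process down, which is exactly what we want to avoid."""
    op = request.get("op") if isinstance(request, dict) else None
    if op not in ALLOWED_OPS:
        return {"ok": False, "error": "refused: unknown or disallowed op"}
    if op == "auth_password":
        ok = (request.get("user") == _DEMO_USER
              and request.get("password") == _DEMO_PASSWORD)
        return {"ok": True, "authenticated": ok}
    if op == "sign_host_key":
        data = str(request.get("data", ""))
        # Stand-in for signing with a key the worker never gets to read.
        return {"ok": True, "signature": f"signed({len(data)} bytes)"}
    # op == "pty_open": stand-in for allocating a pty on the worker's behalf.
    return {"ok": True, "pty": "(constructed pty name)"}


def drop_privileges(jail_dir: str, unpriv_user: str = "nobody") -> bool:
    """Unprivileged side.  chroot into an empty directory and shed root.
    Returns True if privileges were dropped, False if the process was not
    root to begin with (chroot is then not permitted, so nothing is done)."""
    if os.geteuid() != 0:
        return False
    pw = pwd.getpwnam(unpriv_user)
    os.chroot(jail_dir)
    os.chdir("/")
    os.setgroups([])
    os.setgid(pw.pw_gid)      # group first: setuid would forbid it afterwards
    os.setuid(pw.pw_uid)
    return True


def _recv_exact(sock, n: int):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None           # peer closed
        buf += chunk
    return buf


def send_msg(sock, obj) -> None:
    """Length-prefixed JSON framing over the socketpair."""
    payload = json.dumps(obj).encode()
    sock.sendall(len(payload).to_bytes(4, "big") + payload)


def recv_msg(sock):
    hdr = _recv_exact(sock, 4)
    if hdr is None:
        return None
    n = int.from_bytes(hdr, "big")
    if n > 65536:
        raise ValueError("oversized message from worker")
    body = _recv_exact(sock, n)
    return None if body is None else json.loads(body.decode())


def run_demo(jail_dir: str = None) -> list:
    """Fork: the child becomes the worker, the parent stays the monitor.
    Returns the replies the monitor sent, in order."""
    jail_dir = jail_dir or tempfile.mkdtemp(prefix="privsep-jail-")
    monitor_end, worker_end = socket.socketpair()
    pid = os.fork()
    if pid == 0:                                   # worker side
        monitor_end.close()
        drop_privileges(jail_dir)
        for req in ({"op": "auth_password", "user": "demo", "password": "wrong"},
                    {"op": "sign_host_key", "data": "session-id-bytes"},
                    {"op": "read_shadow"}):        # outside the vocabulary
            send_msg(worker_end, req)
            recv_msg(worker_end)
        worker_end.close()
        os._exit(0)
    worker_end.close()                             # monitor side
    replies = []
    while True:
        try:
            req = recv_msg(monitor_end)
        except ValueError as exc:                  # bad framing: refuse, keep running
            req, reply = None, {"ok": False, "error": str(exc)}
        else:
            if req is None:
                break
            reply = monitor_dispatch(req)
        send_msg(monitor_end, reply)
        replies.append(reply)
    os.waitpid(pid, 0)
    return replies


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

Run as root the worker really ends up chrooted in an empty temporary directory as `nobody`; run as an ordinary user it skips the chroot but the request/refusal flow is identical, and the third request (`read_shadow`) is refused either way because the monitor only knows the three operations it was built to serve.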
