Vulnerability Development mailing list archives

Re: OpenSSH Vulns (new?) Priv seperation


From: Valdis.Kletnieks () vt edu
Date: Wed, 26 Jun 2002 13:07:31 -0400

On Tue, 25 Jun 2002 12:00:54 PDT, wirepair <wirepair () roguemail net>  said:

> "However, with privileges separation turned on, you are
> immune from at least one remote hole."
> at least one? Jesus how many are there? any information
> would be appreciated....

We know there's a known-but-not-widely-disclosed hole, so the statement
is technically correct as it stands - at least one remote hole.

The point they were trying to make (perhaps poorly) was that if you enable
privilege separation, it closes off *entire classes* of attacks - things that
will be stopped because they can't work around the separation.  Even if a
second remote exploit is found/disclosed, all it gets the attacker is a
very stripped down chroot'ed running-as-nobody jail cell.

Now of course, it may be possible to mount an attack on the separation
mechanism itself - but that *still* raises the bar considerably to get a full
remote-root compromise.
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
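The privilege-separation design the message describes, as an added example rather than code from the email or from OpenSSH: a privileged monitor that serves only a fixed, state-gated table of requests, and a child that confines itself in a chroot as an unprivileged user before it touches network data. The two-message request protocol, the `secret` credential and the jail path are assumptions made for the demonstration.

```c
#define _GNU_SOURCE                               /* declares chroot(), setgroups() on glibc */
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
enum state { PREAUTH, AUTHED };               /* monitor tracks the session state */
enum req   { REQ_AUTHPW, REQ_PTY, REQ_BAD };  /* hypothetical two-message protocol */

/* Fixed table: which requests the monitor honours in which state. */
int monitor_permits(enum state s, enum req r)
{
    if (r == REQ_AUTHPW) return s == PREAUTH;   /* password check only before auth */
    if (r == REQ_PTY)    return s == AUTHED;    /* pty allocation only after auth */
    return 0;                                   /* everything else is refused */
}

/* Serve one request line from the child: 1 if served, 0 if refused.
   Unknown requests parse to REQ_BAD and never reach any privileged code. */
int monitor_handle(enum state *s, const char *line)
{
    enum req r = strncmp(line, "AUTHPW ", 7) == 0 ? REQ_AUTHPW
               : strcmp(line, "PTY") == 0       ? REQ_PTY : REQ_BAD;
    if (!monitor_permits(*s, r)) return 0;
    if (r == REQ_AUTHPW) {                      /* "secret": constructed demo credential */
        if (strcmp(line + 7, "secret") != 0) return 0;
        *s = AUTHED;
    }
    return 1;
}

/* Walk one constructed session through the monitor; returns how many it served. */
int demo_session(void)
{
    enum state s = PREAUTH;
    const char *reqs[] = { "PTY", "AUTHPW wrong", "EXEC /bin/sh",
                           "AUTHPW secret", "PTY", "AUTHPW secret" };
    int served = 0;
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        served += monitor_handle(&s, reqs[i]);
    return served;                              /* 2: the valid auth, then the PTY */
}

/* Child side: confine itself before touching network data (needs root); -1 means abort. */
int drop_privileges(const char *jail, const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;             /* regaining root must fail */
}
```

A request the monitor refuses is simply dropped; the child that sent it never gets a second chance to rephrase, which is what keeps a compromised child from turning the monitor into a general-purpose root service.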
