Vulnerability Development mailing list archives
RE: OpenSSH Vulns (new?) Priv seperation
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 27 Jun 2002 00:11:03 -0400 (EDT)
On Wed, 26 Jun 2002, Peter Mueller wrote:
> reducing root-run code from 27000 to 2500 lines is the important part. who cares how many holes there are when it is in /var/empty/sshd chroot with no possibility of root :)

Interesting approach. This gives the attacker an opportunity to access your system. Exploiting local bugs in the kernel aside... using your system for further compromises or other behavior of this nature aside... chroot is still not a silver bullet. It essentially provides a filesystem level separation - but not on every system this means any particular IPC restrictions, for example.

Having an attacker in the system, no matter what his uid is, is a serious problem. The attacker with no direct ability to do rm -rf / or to change your webpage would be perhaps considered less serious, but I do not buy this argument.

If you maintain your system properly and patch it on a regular basis, script kiddies are really not that difficult to get rid of. Even if you actually get compromised, it is probably better for the kiddie to be able to do something terribly evident, so you can know about the compromise, restore the data and continue. Script kiddies rarely have access to exploits for not yet published vulnerabilities and so on. It is people with some serious intent and skills you should fear, and having one with uid != 0 does not make me feel any safer.

Sure, privilege separation is an added value - will protect clueless people who do not keep up with patches from mass defacements - but that's it.

--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/