Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Glibc Local Root Exploit
From: Philip Rowlands <phr () DOC IC AC UK>
Date: Wed, 10 Jan 2001 22:15:17 +0000

Pedro Margate wrote:

The implementations of ssh that I'm familiar with (ssh and OpenSSH)
install the ssh binary as suid root by default.  This can be disabled
during configuration or after the fact with chmod.  I believe that would
prevent this exploit from operating.  I've turned off the suid bit on
every ssh installation I've performed and it seems to work the same.  I'm
not sure what reason ssh has to be suid root, nobody I've asked has any
idea.

Ssh was designed as a drop-in replacement for rsh/rlogin, by name if
necessary. Therefore, it has to be able to copy rsh's behaviour of
originating connections from a privileged port (yes, that's a lame
"security" feature"). If you don't need this, remove the SUID bit. I
would much prefer distributions to ship an unprivileged ssh client, with
guidance on how/why to enable it if necessary.


Cheers,

Phil


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]