<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: Ports 0-1023?

Re: Ports 0-1023?

From: Blue Boar <BlueBoar_at_thievco.com>
Date: Mon, 08 Jul 2002 10:38:16 -0700

Robert Bihlmeyer wrote:
> What's the point in stripping root from sshd if it is able to run a
> shell as any user (including root)?

With the proposed change, sshd could only get root if someone with the
actual root password comes along and hands it to the sshd. With the
existing scheme, any remote vulnerabilities in the sshd code that happen
before it can drop privs will yield root without the password for the root
account.

Which is exactly what I was after.

BB
Received on Jul 08 2002

This message: [ Message body ]
Next message: Robert Bihlmeyer: "Re: Ports 0-1023?"
Previous message: RT: "RE: Default passwords for TSO and CICS ?"
In reply to: Robert Bihlmeyer: "Re: Ports 0-1023?"
Next in thread: Robert Bihlmeyer: "Re: Ports 0-1023?"
Reply: Robert Bihlmeyer: "Re: Ports 0-1023?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]