From: Bennett Haselton <bennett@xxxxxxxxxxxxx> > On 1/10/2012 5:16 AM, John Doe wrote: >> The sshd child is running as bob; so it has bob (and not root) rights... > > Yes, I understand that. What I said was that if you could take complete > control of the sshd process you were connecting to, even if that process > was completely unprivileged, you could still make it say "Accept a login > from 'root' with password 'foo'" and then log in as root. How would your bob owned child sshd take complete control of the parent root owned sshd...? JD _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: defense-in-depth possible for sshd?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: defense-in-depth possible for sshd?
- From: John Doe <jdmls@xxxxxxxxx>
- Date: Tue, 10 Jan 2012 05:49:19 -0800 (PST)
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4F0C3E48.50805@peacefire.org>
- Follow-Ups:
- Re: defense-in-depth possible for sshd?
- From: m . roth
- Re: defense-in-depth possible for sshd?
- From: Bent Terp
- Re: defense-in-depth possible for sshd?
- References:
- defense-in-depth possible for sshd?
- From: Bennett Haselton
- Re: defense-in-depth possible for sshd?
- From: Adrian Sevcenco
- Re: defense-in-depth possible for sshd?
- From: Bennett Haselton
- Re: defense-in-depth possible for sshd?
- From: John Doe
- Re: defense-in-depth possible for sshd?
- From: Bennett Haselton
- defense-in-depth possible for sshd?
- Prev by Date: Re: SELinux and access across 'similar types'
- Next by Date: Re: defense-in-depth possible for sshd?
- Previous by thread: Re: defense-in-depth possible for sshd?
- Next by thread: Re: defense-in-depth possible for sshd?
- Index(es):
 |