Re: defense-in-depth possible for sshd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

John Doe wrote:
> From: Bennett Haselton <bennett@xxxxxxxxxxxxx>
>
>> On 1/10/2012 5:16 AM, John Doe wrote:
>>>  The sshd child is running as bob; so it has bob (and not root)
>>> rights...
>>
>> Yes, I understand that.  What I said was that if you could take complete
>> control of the sshd process you were connecting to, even if that process
>> was completely unprivileged, you could still make it say "Accept a login
>> from 'root' with password 'foo'" and then log in as root.
>
> How would your bob owned child sshd take complete control of the
> parent root owned sshd...?

I have not read the details of any given exploit, but as I understand it,
if one can craft an exploit that breaks in the middle of the login, the
child would die, leaving one in the parent (root) process.

           mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux