Re: defense-in-depth possible for sshd?


On 01/10/2012 01:12 AM, Bennett Haselton wrote:
> What about sshd -- assuming that the attacker can connect to sshd at all
> (i.e. not prevented by a firewall), if they find an exploit to let them
> take control of sshd, would that imply immediate total control of the
> machine?

Yes, but the question itself ignores the extensive security that 
accompanies sshd.

OpenSSH's server already features defense-in-depth.

OpenSSH's server features privilege separation, a mechanism in which the 
network connections and encryption are handled by a process which is 
unprivileged.  Attacks against connection handling or encryption won't 
get you root access.

OpenSSH's server code has been thoroughly audited for security.

Red Hat's build of OpenSSH's server features an SELinux policy.  Attacks 
which require system access not granted by the policy won't work.

All of Red Hat's systems feature shared lib address randomization, to 
protect against stack attacks.

Your hypothetical attack that takes control of sshd would have to defeat 
a number of levels of defense.  You compared sshd to httpd, which runs 
as a non-root user, but ignore that its *purpose* is to grant shell 
access to the system.  No matter what additional layers you add to sshd, 
a successful attack is going to grant shell access, because that's the 
purpose of the daemon.  You can't lower the privilege level of sshd to 
the point that an attacker can't get a shell (which is what was done to 
httpd) without making the service useless.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
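
Added example, not part of the original message: a small shell audit of three of the layers the reply names (privilege separation, SELinux enforcement, address randomization). The function names and the sample config are constructed for illustration, and it assumes an OpenSSH release that still has the `UsePrivilegeSeparation` option, with `yes` as the default when unset.

```sh
#!/bin/sh
# Added example: report the state of three sshd defense layers.
# Every check takes its input as data, so it can run on saved output.

# privsep_state: read an sshd_config on stdin, print the effective
# UsePrivilegeSeparation value. sshd uses the first occurrence of a keyword;
# "yes" is the assumed default when the option is absent.
privsep_state() {
    awk 'tolower($1) == "useprivilegeseparation" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }'
}

# selinux_state MODE: interpret the output of getenforce.
selinux_state() {
    case "$1" in
        Enforcing)  echo "enforced" ;;
        Permissive) echo "logged-only" ;;   # policy violations logged, not blocked
        *)          echo "off" ;;
    esac
}

# aslr_state VALUE: interpret the kernel.randomize_va_space sysctl.
aslr_state() {
    case "$1" in
        0) echo "off" ;;
        1) echo "partial" ;;                # stack, mmap and shared libraries
        2) echo "full" ;;                   # as 1, plus the heap
        *) echo "unknown" ;;
    esac
}

# audit CONFIG_TEXT SELINUX_MODE ASLR_VALUE: one summary line with a count
# of layers that are switched off or not enforcing.
audit() {
    weak=0
    p=$(printf '%s\n' "$1" | privsep_state)
    s=$(selinux_state "$2")
    a=$(aslr_state "$3")
    if [ "$p" = "no" ]; then weak=$((weak + 1)); fi
    if [ "$s" != "enforced" ]; then weak=$((weak + 1)); fi
    if [ "$a" = "off" ]; then weak=$((weak + 1)); fi
    printf 'privsep=%s selinux=%s aslr=%s weak=%d\n' "$p" "$s" "$a" "$weak"
}

# Constructed sample config (not from a real host): the commented line is
# ignored and the first live setting wins over the later one.
SAMPLE_CONFIG='Port 22
#UsePrivilegeSeparation yes
UsePrivilegeSeparation no
UsePrivilegeSeparation sandbox'
audit "$SAMPLE_CONFIG" Permissive 2
```

On a live host the same function can be fed real data: `audit "$(cat /etc/ssh/sshd_config)" "$(getenforce)" "$(sysctl -n kernel.randomize_va_space)"`.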

