Re: BUG: simple attack when control channel muxing is used (was: Re: ControlMaster question)

On Tue, 2014-11-11 at 08:00 +1100, Damien Miller wrote: 
> This behaviour is intentional. root is allowed to connect to users'
> control sockets for a number of reasons.
Even if... shouldn't it then be properly documented, or better:
the checks should be in place by default for root as well, and only
with some additional option ControlMasterConnectUnownedSockets=yes (or
something like this), which defaults to no, root should be allowed to do
this?
I mean most people will likely never need those features you mentioned,
but it happens rather easily that people place such things in /tmp
or /run.

Apart from that, have you seen Ángel's post where he says the check
would happen on the socket server side?
That would of course make any user (not just root) attackable.



> If you want to avoid root connecting to a suspect socket, then ensure
> root's sockets are created in a directory that is not writable by
> untrusted users. I use "ControlPath ~/.ssh/ctl-%C"
Or there should be a StrictModes option like on the sshd side, which
prohibits taking sockets from insecure locations by default.


Cheers,
Chris. 


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
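
An added example, not part of the original message and not OpenSSH code: a small audit of the directories above a ControlPath, flagging any that another user owns or that are group- or world-writable, in the spirit of the StrictModes-style check suggested above. The function name `unsafe_dirs`, the `stop_at` parameter and the exact owner/mode rule are assumptions made for this illustration.

```python
import os
import stat


def unsafe_dirs(control_path, uid, stop_at=None):
    """Return (directory, reason) pairs for each directory above
    control_path that someone other than `uid` or root could modify.

    The walk runs from the socket's parent directory up to `stop_at`
    (inclusive) or to the filesystem root. The socket itself does not
    have to exist, but every directory on the way must.
    """
    problems = []
    parent = os.path.dirname(os.path.expanduser(control_path))
    current = os.path.realpath(parent)  # resolve symlinked directories
    stop = os.path.realpath(stop_at) if stop_at else None
    while True:
        st = os.stat(current)
        if st.st_uid not in (0, uid):
            problems.append((current, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((current, "group/world-writable, mode %o" % mode))
        up = os.path.dirname(current)
        if current == stop or up == current:
            return problems
        current = up


if __name__ == "__main__":
    home = os.path.expanduser("~")
    # Constructed sample paths: one under the user's home directory,
    # one under the shared /tmp directory mentioned in the thread.
    for path in ("~/.ssh/ctl-example", "/tmp/ctl-example"):
        try:
            found = unsafe_dirs(path, os.getuid(), stop_at=home)
        except FileNotFoundError as exc:
            print("%s: cannot check (%s)" % (path, exc))
            continue
        print(path, "->", found if found else "no writable ancestors found")
```

Stopping at the home directory keeps a path under `~/.ssh` from being rejected because of directories above the home directory, while a path under `/tmp` is walked to the root and reported.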
