On Mon, 2014-11-10 at 19:46 +0100, Ángel González wrote:
> Note that Linux enforces the discretionary permissions set on unix
> sockets but other

What exactly does that mean?

> I guess the (euid != 0) check is there in case ssh was root setuid?

Or it's really to exclude root from the check, as Damien mentioned.

> It
> should probably be
> changed to if ((euid != 0 && (getuid() != uid)) && (getuid() != euid))
> not to make it so easy
> for a malicious root to use your remote connections (yes, it would need
> receiving the peer ruid).

Let's see what upstream thinks.

> However, for the attack shown, there's not so much to win from improving
> the check at the
> socket server side. It should be the connecting ssh (ie. root's) the one
> verifying that the socket
> is owned by himself.

Yes... let's see what upstream replies :)

Cheers,
Chris.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev