[ale] ssh remote root exploit :-(
James P. Kinney III
jkinney at localnetsolutions.com
Tue Jun 25 17:19:32 EDT 2002
Make a sshd user. From my /etc/passwd:
sshd:x:74:74::/var/empty/sshd:/bin/false
On Tue, 2002-06-25 at 16:19, John Mills wrote:
> ALErs -
>
> On Mon, 24 Jun 2002, David Bronson wrote:
>
> > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102495293705094&q=raw
>
> >From the linked note:
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> However, everyone should update to OpenSSH 3.3 immediately, and enable
> priv seperation in their ssh daemons, by setting this in your
> /etc/ssh/sshd_config file:
>
> UsePrivilegeSeparation yes
>
> Depending on what your system is, privsep may break some ssh
> functionality. However, with privsep turned on, you are immune from
> at least one remote hole. Understand?
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> I'm building openssh-3.3p1 from sources, and wondered which user to name
> for the 'separated' user. I chose 'nobody' but don't know if this was a
> good option.
>
> At startup I was told that '/var/empty' did not exist, so I created
> it. 'sshd' started, but I am not yet connecting successfully with
> 'UsePrivilegeSeparation yes' (works OK with 'no').
>
> Thanks for any comments.
>
> - John Mills
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
--
James P. Kinney III \Changing the mobile computing world/
President and CEO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list