Date: 08 Jul 2000 12:33:51 +0200
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Wes Morgan <morganw@chemicals.tacorp.com>
Cc: Brian Feldman <green@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh sshd.c
Message-ID: <xzp66qgud0w.fsf@flood.ping.uio.no>
In-Reply-To: Wes Morgan's message of "Tue, 4 Jul 2000 09:21:15 -0400 (EDT)"
References: <Pine.BSF.4.21.0007040918400.70488-100000@volatile.chemicals.tacorp.com>

Wes Morgan <morganw@chemicals.tacorp.com> writes:
> I hope that there is no way ever in 1e6 years that someone will be able to
> subvert /proc/curproc and get sshd to execute the program of his choice as
> root when it gets HUP'd. I can't think of any way possible, but there are
> 6 billion people out there besides me.

Well, for starters, /proc might not be mounted, and an 3v1l h4xx0r might
be able to trick a root-owned process into creating /proc/curproc/file.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
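
One way to guard against the failure mode raised in this message, as an added example that is not part of the original e-mail and not OpenSSH or FreeBSD code: before re-executing through a procfs entry, confirm that the /proc directory really is a mounted procfs, and otherwise fall back to an absolute path saved at startup. The function names, the split into a directory and an entry argument, and the sample path /usr/sbin/sshd are assumptions made for illustration; the directory is checked rather than the entry because the entry may be a link that resolves to a binary on another filesystem.

```c
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/vfs.h>
#include <linux/magic.h>
#ifndef PROC_SUPER_MAGIC
#define PROC_SUPER_MAGIC 0x9fa0
#endif
#else
#include <sys/param.h>
#include <sys/mount.h>      /* BSD statfs() with f_fstypename */
#endif

/* Returns 1 only if `dir` exists and sits on a mounted procfs, else 0.
 * A plain directory named /proc on the root filesystem fails this check. */
int dir_is_procfs(const char *dir)
{
    struct statfs sfs;

    if (dir == NULL || statfs(dir, &sfs) != 0)
        return 0;
#ifdef __linux__
    return sfs.f_type == PROC_SUPER_MAGIC;
#else
    return strcmp(sfs.f_fstypename, "procfs") == 0;
#endif
}

/* Hypothetical helper: pick the path to re-exec on SIGHUP.
 * proc_entry is trusted only when proc_dir is a real procfs; otherwise
 * use saved_path, which must be absolute. NULL means "do not re-exec". */
const char *choose_reexec_path(const char *proc_dir, const char *proc_entry,
                               const char *saved_path)
{
    if (proc_entry != NULL && dir_is_procfs(proc_dir))
        return proc_entry;
    if (saved_path != NULL && saved_path[0] == '/')
        return saved_path;
    return NULL;
}

int main(void)
{
    /* Constructed sample values; /usr/sbin/sshd stands in for the saved path. */
    const char *p = choose_reexec_path("/proc", "/proc/curproc/file",
                                       "/usr/sbin/sshd");
    printf("re-exec via: %s\n", p ? p : "(refused)");
    return 0;
}
```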