Date: Wed, 5 Dec 2001 09:53:32 -0600 From: "Jacques A. Vidrine" <n@nectar.cc> To: titus manea <titus@edc.dnttm.ro> Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH UseLogin problem Message-ID: <20011205155332.GA23116@madman.nectar.com> In-Reply-To: <20011205090318.A7617@unix.edc.dnttm.ro> References: <20011205090318.A7617@unix.edc.dnttm.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 05, 2001 at 09:03:18AM +0200, titus manea wrote: > LD_ env vars like LD_LIBRARY_PATH and such do not work for setuid binaries. > (ld.so man page) > programs. Here is an example ( i did it as root). The check is not actually for setuid binaries. The check is for uid == euid && gid == egid. Because of the way that OpenSSH handles privilege switching, uid == euid == gid == egid == 0 when /usr/bin/login is invoked. OpenSSH-portable, on the other hand, happens to handle this differently, and you get uid == euid == egid == 0, but gid = <user's gid>. That's why it is not vulnerable in any case. Login as root instead of su'ing to root, and you'll probably get `better' results. Cheers, -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011205155332.GA23116>