Date: Wed, 26 Jun 2002 07:25:02 +1200 (NZST) From: Andrew McNaughton <andrew@scoop.co.nz> To: Brian Behlendorf <brian@hyperreal.org> Cc: Niels Provos <provos@citi.umich.edu>, <security@FreeBSD.ORG> Subject: Re: UseLogin and openssh-portable priv separation Message-ID: <20020626071030.A91731-100000@a2> In-Reply-To: <20020625084414.K310-100000@yez.hyperreal.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jun 2002, Brian Behlendorf wrote: > On Tue, 25 Jun 2002, Niels Provos wrote: > > If you do UseLogin, that means that you will loose privilege > > separation after authentication. The Pre-authentication phase is > > still privilege separated even with UseLogin enabled. > > Right, I got that from the man page, but was still slightly unclear: does > using UseLogin remove the security that prevents the to-be-released > exploit from being exploitable? Sounds like it does not remove that > security, *unless* the attack came from someone who successfully > authenticated, who could then get root? As I understand things... Whether or not you have UseLogin enabled, then a chrooted process run as user sshd will be forked to handle the authentication stage. This process terminates before the session is established. You should be able to see this process in your process accounting files with lastcomm if you've turned the accounting on. If UseLogin is not enabled, sshd will then fork a process with the priviledges of the user who is logging in, and this process will be the parent of the spawned shell or other command, and will persist for the duration of the connection. If UseLogin is enabled then sshd won't fork a process owned by the user. Once the session is started you will see much the same info in ps output that you did before the new privilege separation was added. whether this has any bearing on the soon to be relased exploit I obviously cannot say for certain, but if UseLogin meant that the exploit could still run, then I imagine Theo would have said so. Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020626071030.A91731-100000>