Date:      Tue, 4 Jul 2000 20:04:18 -0400 (EDT)
From:      Brian Fundakowski Feldman <green@FreeBSD.org>
To:        Wes Morgan <morganw@chemicals.tacorp.com>
Cc:        cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/crypto/openssh sshd.c
Message-ID:  <Pine.BSF.4.21.0007042002220.83838-100000@green.dyndns.org>
In-Reply-To: <Pine.BSF.4.21.0007040918400.70488-100000@volatile.chemicals.tacorp.com>

On Tue, 4 Jul 2000, Wes Morgan wrote:

> I hope that there is no way ever in 1e6 years that someone will be able to
> subvert /proc/curproc and get sshd to execute the program of his choice as
> root when it gets HUP'd. I can't think of any way possible, but there are
> 6 billion people out there besides me.

If someone can unmount /proc, you're screwed.  They can do many other,
more dangerous things, too.  This is nothing to worry about at all (the
/proc/curproc/sshd exec thing, not being screwed by people gaining root
privileges :)

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'


