John Doe wrote:
From: Bennett Haselton bennett@peacefire.org
On 1/10/2012 5:16 AM, John Doe wrote:
The sshd child is running as bob; so it has bob (and not root) rights...
Yes, I understand that. What I said was that if you could take complete control of the sshd process you were connecting to, even if that process was completely unprivileged, you could still make it say "Accept a login from 'root' with password 'foo'" and then log in as root.
How would your bob-owned child sshd take complete control of the parent root-owned sshd...?
I have not read the details of any given exploit, but as I understand it, if one can craft an exploit that breaks in the middle of the login, the child would die, leaving one in the parent (root) process.
mark
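The scenario Bennett describes, a compromised unprivileged child telling the root parent "accept a login from 'root' with password 'foo'", is exactly what a privilege-separation monitor has to resist: the privileged side honours only a small set of request types and recomputes the credential check itself instead of trusting the child's verdict. The following is an added illustration of that monitor-side rule, not code from this thread or from OpenSSH; the JSON framing, the `pwd_check` message type, the salted-hash credential store and the sample passwords are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed credential store standing in for the system password database.
# Assumption for illustration only: salted SHA-256; a real monitor would ask
# PAM or the shadow file rather than keep hashes inline.
_SALT = b"constructed-salt"
_CREDENTIALS = {
    "bob": hashlib.sha256(_SALT + b"correct horse").hexdigest(),
}
# Accounts the monitor never authenticates over the network, whatever the
# child sends (the same effect as PermitRootLogin no).
_NEVER_PERMIT = {"root"}


def verify_password(user: str, password: str) -> bool:
    """Privileged-side check: the monitor recomputes the hash itself."""
    expected = _CREDENTIALS.get(user)
    if expected is None:
        return False
    digest = hashlib.sha256(_SALT + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, expected)


def monitor_handle(raw: bytes) -> dict:
    """Decide on one message received from the unprivileged child.

    The child may only *ask* for credentials to be checked. A message that
    asserts an outcome ("accept", "authenticated": true) is refused outright,
    because a compromised child is precisely where such a message comes from.
    """
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return {"ok": False, "reason": "malformed"}
    if not isinstance(msg, dict) or msg.get("type") != "pwd_check":
        return {"ok": False, "reason": "unexpected message type"}
    user, password = msg.get("user"), msg.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        return {"ok": False, "reason": "bad fields"}
    if user in _NEVER_PERMIT:
        return {"ok": False, "reason": "login not permitted for user"}
    if not verify_password(user, password):
        return {"ok": False, "reason": "bad credentials"}
    return {"ok": True, "user": user}
```

In this model a child that is fully controlled by a remote party can still only submit guesses to be checked; it cannot hand the root-owned parent a pre-made "accepted" result.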