[CentOS] defense-in-depth possible for sshd?

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Jan 10 14:56:17 UTC 2012


John Doe wrote:
> From: Bennett Haselton <bennett at peacefire.org>
>
>> On 1/10/2012 5:16 AM, John Doe wrote:
>>>  The sshd child is running as bob; so it has bob (and not root)
>>> rights...
>>
>> Yes, I understand that.  What I said was that if you could take complete
>> control of the sshd process you were connecting to, even if that process
>> was completely unprivileged, you could still make it say "Accept a login
>> from 'root' with password 'foo'" and then log in as root.
>
> How would your bob owned child sshd take complete control of the
> parent root owned sshd...?

I have not read the details of any given exploit, but as I understand it,
if one can craft an exploit that breaks in the middle of the login, the
child would die, leaving one in the parent (root) process.

           mark




More information about the CentOS mailing list