[CentOS] defense-in-depth possible for sshd?
John Doe
jdmls at yahoo.comTue Jan 10 13:49:19 UTC 2012
- Previous message: [CentOS] defense-in-depth possible for sshd?
- Next message: [CentOS] defense-in-depth possible for sshd?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: Bennett Haselton <bennett at peacefire.org> > On 1/10/2012 5:16 AM, John Doe wrote: >> The sshd child is running as bob; so it has bob (and not root) rights... > > Yes, I understand that. What I said was that if you could take complete > control of the sshd process you were connecting to, even if that process > was completely unprivileged, you could still make it say "Accept a login > from 'root' with password 'foo'" and then log in as root. How would your bob owned child sshd take complete control of the parent root owned sshd...? JD
- Previous message: [CentOS] defense-in-depth possible for sshd?
- Next message: [CentOS] defense-in-depth possible for sshd?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list