Re: [Security - intern] [linux-security] Re: ssh and chroot...
- From: "David LaPorte" <david_laporte harvard edu>
- To: "Thomas Biege" <thomas suse de>
- Cc: "Mike Bowie" <mike goforgold com>, <linux-security redhat com>
- Subject: Re: [Security - intern] [linux-security] Re: ssh and chroot...
- Date: Fri, 19 May 2000 07:17:59 -0400
Good call - I forgot to mention that. Caldera released an advisory a couple
months ago about it if anyone's interested:
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-008.0.txt
Dave
-----Original Message-----
From: Thomas Biege [mailto:thomas suse de]
Sent: Friday, May 19, 2000 2:44 AM
To: David LaPorte
Cc: Mike Bowie; linux-security redhat com
Subject: Re: [Security - intern] [linux-security] Re: ssh and chroot...
On Mon, 8 May 2000, David LaPorte wrote:
> I did something similar with telnetd by hacking login to accept an option
> that specified a directory to chroot to and specifying it via telnetd "-L"
> option. I suppose the same thing would work with ssh if you compiled with
Please take care here. Some telnetd versions use a non-secure way to alter
their **argv to reflect the host which is connected to them.
A maliciously formatted hostname/DNS entry could be used to overwrite the
value of the -L option to bypass the user-supplied login program.
The maintainer of netkit has fixed it, AFAIK.
So, it's wiser to update to the most recent version of netkit.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E mail: thomas suse de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
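
Added example, not part of the original thread and not netkit's code: a constructed C model of the failure mode described above, next to a hardened form that copies the `-L` value out of argv and bounds the title write to argv[0]. The thread does not detail the weak pattern; an unbounded copy of the peer name over argv is assumed, and the struct, function names, `/bin/jail-login` and the host name are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: argv strings packed back to back in one block. */
struct proc {
    char area[48];      /* "in.telnetd\0-L\0/bin/jail-login\0" plus slack */
    char *argv[3];
    size_t argv0_cap;   /* bytes owned by argv[0], including its NUL */
    char copy[32];      /* private storage for the -L value (hardened) */
    char *login_prog;   /* program that will be exec'd for login */
};

static void proc_init(struct proc *p, int hardened) {
    static const char *args[3] = { "in.telnetd", "-L", "/bin/jail-login" };
    size_t off = 0;
    memset(p, 0, sizeof *p);
    for (int i = 0; i < 3; i++) {
        p->argv[i] = p->area + off;
        strcpy(p->argv[i], args[i]);
        off += strlen(args[i]) + 1;
    }
    p->argv0_cap = strlen(args[0]) + 1;
    /* Hardened: private copy of the option value. Weak: pointer into argv. */
    p->login_prog = hardened ? strcpy(p->copy, p->argv[2]) : p->argv[2];
}

/* Weak: the peer name is bounded only by the whole argument area. */
static void set_title_weak(struct proc *p, const char *host) {
    snprintf(p->argv[0], sizeof p->area, "%s", host);
}

/* Hardened: the peer name is truncated to argv[0]'s own bytes. */
static void set_title_safe(struct proc *p, const char *host) {
    snprintf(p->argv[0], p->argv0_cap, "%s", host);
}

/* Returns 1 if the configured login program is unchanged after the update. */
static int login_survives(int hardened, const char *host) {
    struct proc p;
    proc_init(&p, hardened);
    if (hardened) set_title_safe(&p, host); else set_title_weak(&p, host);
    return strcmp(p.login_prog, "/bin/jail-login") == 0
        && (!hardened || strcmp(p.argv[2], "/bin/jail-login") == 0);
}

int main(void) {
    const char *host = "long-peer-name.reverse-dns.example.invalid"; /* constructed */
    printf("weak: %d hardened: %d\n", login_survives(0, host), login_survives(1, host));
    return 0;
}
```

In the weak form a short peer name leaves the `-L` value intact, so the problem only shows up once the name is long enough to reach argv[2].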