David LaPorte
2000-May-19 11:17 UTC
Re: [Security - intern] [linux-security] Re: ssh and chroot...
Good call - I forgot to mention that. Caldera released an advisory a couple months ago about it if anyone's interested: ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-008.0.txt Dave -----Original Message----- From: Thomas Biege [mailto:thomas@suse.de] Sent: Friday, May 19, 2000 2:44 AM To: David LaPorte Cc: Mike Bowie; linux-security@redhat.com Subject: Re: [Security - intern] [linux-security] Re: ssh and chroot... On Mon, 8 May 2000, David LaPorte wrote:> I did something similar with telnetd by hacking login to accept an option > that specified a directory to chroot to and specifying it via telnetd "-L" > option. I suppose the same thing would work with ssh if you compiled withPlease take care here. Some telnetd versions use a non-secure way to alter their **argv to reflect the host which is connected to them. A maliciously formated hostname/DNS entry could be used to overwrite the value of the -L option to bypass the usersupplied login program. The maintainer of netkit has fixed it, AFAIK. So, it's wiser to update to the most recent version of netkit. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
Reasonably Related Threads
- [RHSA-1999:029-01] Denial of service attack in in.telnetd
- Re: [Security - intern] *ALERT*: ADM Worm. Worm for Linux x86 found in wild.
- Security Update: [CSSA-2001-30.0] Linux - Telnet AYT remote exploit
- tftp-hpa 0.28, 0.29 interoperability problem
- LSF Update#14 v1.2 "lpr vulnerability"
Wisdom of the Ancients
