search for: calanai

All-- su cannot be run without trusting the shell. The shell cannot be trusted without trusting any instructions the shell uses, from library calls to rc scripts. Hell, the instructions the shell uses can't even be trusted, since they're all living in userspace memory. By contrast, SSHD is generally a root owned, highly secure environment with no unpriveledged userspace

Hi, I'm running OpenSSH_3.0p1 and have discovered the following issue.. When using verbose logging and password authentication, if I mistakenly enter the password instead of the username then this is logged in syslog in plain text. I realise that I shouldn't do this ;-), but most OS's native utilities prevent logging the username in this situation. See below for an extract..