[2341] in linux-security and linux-alert archive
[linux-security] Re: [Security - intern] Re: ssh and chroot...
daemon@ATHENA.MIT.EDU (David LaPorte)
Tue May 23 06:38:00 2000
From: "David LaPorte" <david_laporte@harvard.edu>
To: "Thomas Biege" <thomas@suse.de>
Cc: "Mike Bowie" <mike@goforgold.com>, <linux-security@redhat.com>
Date: Fri, 19 May 2000 07:17:59 -0400
Message-ID: <DAEGLMBHLDGCIEKGCBNPCEFJCAAA.david_laporte@harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <Pine.LNX.4.05.10005190839470.13445-100000@Galois.suse.de>
Resent-From: linux-security@redhat.com
Good call - I forgot to mention that. Caldera released an advisory a couple
months ago about it if anyone's interested:
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-008.0.txt
Dave
-----Original Message-----
From: Thomas Biege [mailto:thomas@suse.de]
Sent: Friday, May 19, 2000 2:44 AM
To: David LaPorte
Cc: Mike Bowie; linux-security@redhat.com
Subject: Re: [Security - intern] [linux-security] Re: ssh and chroot...
On Mon, 8 May 2000, David LaPorte wrote:
> I did something similar with telnetd by hacking login to accept an option
> that specified a directory to chroot to and specifying it via telnetd "-L"
> option. I suppose the same thing would work with ssh if you compiled with
Please take care here. Some telnetd versions use a non-secure way to alter
their **argv to reflect the host which is connected to them.
A maliciously formated hostname/DNS entry could be used to overwrite the
value of the -L option to bypass the usersupplied login program.
The maintainer of netkit has fixed it, AFAIK.
So, it's wiser to update to the most recent version of netkit.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
