[18553] in bugtraq
Re: Glibc Local Root Exploit
daemon@ATHENA.MIT.EDU (Philip Rowlands)
Wed Jan 10 22:06:00 2001
Message-Id: <3A5CDEF5.DA21033C@doc.ic.ac.uk>
Date: Wed, 10 Jan 2001 22:15:17 +0000
Reply-To: Philip Rowlands <phr@DOC.IC.AC.UK>
From: Philip Rowlands <phr@DOC.IC.AC.UK>
To: BUGTRAQ@SECURITYFOCUS.COM

Pedro Margate wrote:
>
> The implementations of ssh that I'm familiar with (ssh and OpenSSH)
> install the ssh binary as suid root by default. This can be disabled
> during configuration or after the fact with chmod. I believe that would
> prevent this exploit from operating. I've turned off the suid bit on
> every ssh installation I've performed and it seems to work the same. I'm
> not sure what reason ssh has to be suid root, nobody I've asked has any
> idea.

Ssh was designed as a drop-in replacement for rsh/rlogin, by name if
necessary. Therefore, it has to be able to copy rsh's behaviour of
originating connections from a privileged port (yes, that's a lame
"security" feature). If you don't need this, remove the SUID bit. I
would much prefer distributions to ship an unprivileged ssh client, with
guidance on how/why to enable it if necessary.

Cheers,
Phil
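
Added example, not part of the original message or of any ssh distribution: a small POSIX sh audit that reports whether an ssh client binary carries the setuid bit discussed above and prints the chmod that removes it. The function names and the paths passed on the command line are assumptions made for illustration.

```shell
#!/bin/sh
# Audit ssh client binaries for the setuid bit (added example).
# Usage: sh audit_ssh_suid.sh /usr/bin/ssh /usr/local/bin/ssh
# The paths are whatever the admin supplies; none are assumed to exist.

# classify_suid PATH
# Prints one of: missing | not-suid | suid-root | suid-uid-N
classify_suid() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    # test -u is true when the file exists and has the set-user-ID bit.
    if [ ! -u "$f" ]; then
        echo not-suid
        return 0
    fi
    # Numeric owner is field 3 of ls -ldn; -L follows a symlinked ssh.
    owner=$(ls -ldnL "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo suid-root
    else
        echo "suid-uid-$owner"
    fi
}

# audit_ssh_clients PATH...
# Prints one report line per path; returns 1 if any path is setuid root.
audit_ssh_clients() {
    rc=0
    for p in "$@"; do
        state=$(classify_suid "$p")
        echo "$p: $state"
        if [ "$state" = suid-root ]; then
            # Only needed for rsh-style connections from a privileged port.
            echo "  if privileged source ports are not needed: chmod u-s $p"
            rc=1
        fi
    done
    return $rc
}

if [ $# -gt 0 ]; then
    audit_ssh_clients "$@"
fi
```

A non-zero exit status means at least one of the supplied paths is setuid root, so the script can be dropped into a periodic host check.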