Static bins

Ian Molton spyro at f2s.com
Wed Jan 7 11:20:45 PST 2004


On Wed, 07 Jan 2004 13:52:05 -0500
Robert Connolly <cendres at videotron.ca> wrote:

> Attempting to prevent unknown bugs is why sshd separates privileges and hides 
> in a chroot. Sounds like the sshd developers have concerns about sshd's 
> safety. It's not safe just because it's configured properly.

Yes, but the point is you can take this too far.

I mean, what if sshd had a bug, then someone exploited a bug in /sbin/false and then ran a local exploit of a bug in mremap, then inserted some code into the kernel that not only made it vulnerable but introduced another bug that someone else discovered, and found your machine, and then exploited ftpd and then got root by exploiting the bug in the bug, caused by the bug which the guy exploiting the other bug didn't notice, and...

Basically, if you can't trust the kernel, you are *fucked*, so once you hit protection offered by the kernel, paranoia should stop there - IOW, sshd may have bugs, but you should consider the kernel's chroot facilities 'secure', the last wall of defense against the attack.

There's always SOMEONE in Holland with his house on 100ft pillars in case the sea defenses break...

-- 
Spyros lair: http://www.mnementh.co.uk/   ||||   Maintainer: arm26 linux

Do not meddle in the affairs of Dragons, for you are tasty and good with ketchup.



More information about the hlfs-dev mailing list