OpenSSH Trojan

Steve Bougerolle steveb at
Thu Aug 1 18:18:50 PDT 2002

On Fri, 2002-08-02 at 02:18, Matthias Benkmann wrote:
> Lesson to learn: NEVER EVER build as root. A user of the more control hint
> would have been relatively safe even when installing a trojaned OpenSSH.

I have to disagree with you, Matthias.  Your "more control" system will
give a lot more security to a single PC, and when I first saw it I was
really enthused and started to think how I could use it. However, within
a few minutes I realized that on a networked system using NFS that
exposes the huge majority of your system files to attack by anybody on
the network.  With NFS the rule must be "all important files are owned
by root".  

I'm sure I'm not the only LFSer who's still using NFS (and of course all
of us would like to dump it except the alternatives are too much

Of course, you can still build as a user and install as root, and that
half-security is worth something.

Steve Bougerolle
Creek & Cowley Consulting

More information about the lfs-security mailing list