Re: DSA-134-1

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: DSA-134-1
From: Ralf Dreibrodt <ralf@dreibrodt.de>
Date: Tue, 25 Jun 2002 17:16:51 +0200
Message-id: <[🔎] 3D188963.78F9B33A@dreibrodt.de>
References: <[🔎] 814053EA-87C9-11D6-AC16-00039355CFA6@suespammers.org> <[🔎] 20020624232846.GH28956@wiggy.net> <[🔎] 87r8ivfs1o.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 3D186BC9.545DC569@dreibrodt.de> <p04320409b93e2c1ed95a@[192.168.3.11]>

Hi,

Christian Jaeger wrote:
> 
> Hmm, I'm wondering if it's any better: if the attacker manages code
> to run in the chrooted daemon, I suspect he can also advise the part
> running as root to open up a new root connection? Isn't it that the
> separation simply protects against direct shell launch attacks? Well
> I'm not educated enough to know, just wondering.

just imagine:
i login as root.
su to ralf (man su)
ralf executes any buggy programm, where someone else can insert
shellcode.
(e.g. chmod 777 /home/ralf -R; /home/ralf/myshellscript.sh)

this shellcode is executed as user ralf, not as user root.

there is no chance to execute the shellcode, which inserted any other
user in /home/ralf/myshellscript.sh) as root, although i logged in as
root. (if we assume that there is no bug in "su")

bye
Ralf

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: DSA-134-1
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- Re: DSA-134-1
  - From: Christian Jaeger <christian.jaeger@sl.ethz.ch>

References:
- DSA-134-1
  - From: Anthony DeRobertis <asd@suespammers.org>
- Re: DSA-134-1
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: DSA-134-1
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: DSA-134-1
  - From: Ralf Dreibrodt <ralf@dreibrodt.de>
- Re: DSA-134-1
  - From: Christian Jaeger <christian.jaeger@sl.ethz.ch>

Prev by Date: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
Next by Date: Re: DSA-134-1
Previous by thread: Re: DSA-134-1
Next by thread: Re: DSA-134-1
Index(es):
- Date
- Thread