
Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability



On Tue, 2002-06-25 at 15:57, Kruskal wrote:
> Has anyone applied this update yet?  I did so on a potato box, enabled
> priv separation in the sshd config file and restarted sshd.  I saw
> that a user called sshd was created.  However, when I ssh'ed in, I
> didn't see any processes owned by sshd.  In fact, the ssh daemon
> process was still owned by root.

I noticed this as well.. and decided to roll my own version, and include
a patch for setproctitle support, this to aid debugging.

It in fact does work, but the 'sshd' process from the 'sshd' user only
exists before login.

If you connect to the ssh daemon it will fork off this process, if you
do a ps-listing at this stage you will see it. As soon as you log in,
this process will be replaced by a process running as your user account.

You can also see that the 'priv' process (running as root) will be
chrooted in /var/run/sshd

This was/is all in woody, but I suspect potato to act the same :)

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
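
Added example, not part of the original message: a shell function that labels sshd processes in a `ps -eo user,pid,ppid,comm` listing by owner and parent, following the behaviour described above (root 'priv' process, 'sshd'-owned process before login, user-owned process after login). Both listings are constructed samples; the user name `alice` and all PIDs are made up.

```shell
#!/bin/sh
# Added example: label sshd processes by owner and parent process.
# Input format: output of `ps -eo user,pid,ppid,comm` (header is skipped).

classify_sshd() {
  awk '
    $4 != "sshd" { next }                # ignore header and other programs
    { owner[$2] = $1; parent[$2] = $3; order[++n] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        if (owner[p] == "sshd")       role = "preauth-unprivileged"
        else if (owner[p] != "root")  role = "postauth-user"
        else if (parent[p] in owner)  role = "monitor-root"
        else                          role = "listener-root"
        print p, owner[p], role
      }
    }'
}

# Succeeds only while an unprivileged pre-login child is in the listing.
privsep_child_present() {
  classify_sshd | grep -q 'preauth-unprivileged$'
}

# Constructed sample: a client has connected but not yet logged in.
sample_before_login() {
  cat <<'EOF'
USER PID PPID COMMAND
root 412 1 sshd
root 2290 412 sshd
sshd 2291 2290 sshd
root 2300 1 cron
EOF
}

# Constructed sample: the same connection after login as user alice.
sample_after_login() {
  cat <<'EOF'
USER PID PPID COMMAND
root 412 1 sshd
root 2290 412 sshd
alice 2295 2290 sshd
alice 2296 2295 bash
EOF
}

echo "== before login =="; sample_before_login | classify_sshd
echo "== after login ==";  sample_after_login | classify_sshd
```

On a live host, pipe `ps -eo user,pid,ppid,comm` into `classify_sshd` while a connection is still waiting at the login prompt; checking only after login will miss the 'sshd'-owned process.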

