Re: Upcoming OpenSSH vulnerability

[Scott Francis <darkuncle@darkuncle.net>]

On Wed, Jun 26, 2002 at 10:42:38AM -0700, ben@trumpetpower.com said:
[snip]
> > sudo + ssh keys is a great way to manage a large network without
> > having  to give  ANYBODY root's  password. And when  an employee
> > leaves,  you just  remove their  account on  the admin  box, and
> > they're off  the network. No need  to change passwords  on every
> > box, because they never had them.
>
> Agreed, but  that's not  what I'm asking. I  said, ``non-policy.''

true enough, I misread.

> Privelege separation prevents whole classes of exploits by running
> a lot  of code as an  unpriveleged user. At least a  casual glance
> would  indicate that  some of  that sepatation  isn't possible  or
> becomes moot when direct root logins are permitted.

I was wondering that too. Loving the idea of privsep though. :)

> I  don't  permit  root  logins,  I  use  keypairs  and  sudo. This
> isn't  ``I'm too  lazy  to  do the  right  thing.'' This is,  ``Is
> there the  theoretical potential for  an exploit with  the default
> configuration that isn't possible with a different well-documented
> configuration?'' And, yes, in theory, anything is possible.

Good question. Look forward to the answer. If true, I would have to
reconsider some things I do with ssh keys and root logins ...
--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui

[demime 0.98d removed an attachment of type application/pgp-signature]