FS#30950 - [rssh] Upstream reports circumvention
Attached to Project:
Arch Linux
Opened by Axilleas Pipinellis (markelos) - Tuesday, 31 July 2012, 22:42 GMT
Last edited by Gaetan Bisson (vesath) - Wednesday, 01 August 2012, 04:04 GMT
Details
Description:
See the gentoo bugtracker [0]. I'll just copy and paste. Patch included.

-----------------------------------------------
From an email [1] posted by the author of rssh to the bugtrack mailing list:

<quote>
Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is the one you're attempting to protect with rssh...

This project is old, and I have no interest in continuing to maintain it. I looked for easy solutions to the problem, but in discussing them with Henrik, none which we found satisfactorily address the problem. Fixing this properly will require more work than I want to put into it.

Note in particular that ensuring that the AcceptEnv sshd configuration option need not be turned on for this exploit to work.
</quote>
-----------------------------------------------

[0] https://bugs.gentoo.org/show_bug.cgi?id=415255
[1] http://sourceforge.net/mailarchive/message.php?msg_id=29235647
Closed by Gaetan Bisson (vesath)
Wednesday, 01 August 2012, 04:04 GMT
Reason for closing: Fixed
Additional comments about closing: rssh-2.3.3-4 in [extra]
circumvention.patch
It's rssh.
However, see: http://mailman.archlinux.org/pipermail/arch-dev-public/2012-August/023331.html