From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: SSH Exploit Request 

On Sat, 15 Nov 2003 20:56:51 EST, Vladimir Parkhaev said:

> The fact is, upgrading sshd (not XYZ!) does not require reboot

Normally, yes.

>                                                                and does
> not affect any other processes that server runs.

Again, normally yes. But if you believe it's *impossible* for a run-away
process to not affect other processes, I suggest you go read up on fork bombs,
the numerous ways that various OOM-killers in the Linux kernel have proven
deficient, and a lot of other related issues.

>                                                  If you don't believe
> me, just... try it :)

I've *been* trying it since it was ssh.com's version 1.2.<verysmallN>
or so. Has worked reasonably every time, except for the one time I built it on
an IRIX 6.5.N and installed it on 6.5.M, where M<N.  It promptly ran afoul
of an API change, went runaway, and earned me a trip to the data center to
unsnarl things at the console.  (I also hit a similar problem when the
sshd was linked on an AIX system with the 4.3.3.75 version of libc, but
tried to run on a pre-.75 version, but *that* one promptly died a quick
and horrible death without impacting anything else).

<estimates number of SSH versions times number of machines, and gets at
least 4 digits>  So we've got some 99.98% reliability in installing sshd
without disruption.  But 99.98 isn't 100 unless you work at Intel.
And my point is that anybody who's running a production system who is
installing *ANYTHING* with the attitude "this can't *possibly* fail" is
looking for a VERY rude awakening when it *does* fail.

So tell me - do you trust the installs enough to just do it and logout
without bothering trying to ssh in to make sure it works first? ;)
