Re: rssh security announcement

看板Bugtraq作者code.時間13年前 (2012/06/03 18:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串4/9 (看更多)

--2/5bycvrmDh4d1IB Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline On Tue, May 08, 2012 at 12:24:52PM -0500, Derek Martin wrote: > Henrik Erkkonen has discovered that, through clever manipulation of > environment variables on the ssh command line, it is possible to > circumvent rssh. As far as I can tell, there is no way to effect a > root compromise, except of course if the root account is the one > you're attempting to protect with rssh... > > This project is old, and I have no interest in continuing to maintain > it. Actually, I have a patch for this. I'll be publishing it later this week, when I can find some time to do it. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D --2/5bycvrmDh4d1IB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFPsno8djdlQoHP510RAm0VAJ9Y1coDMyu0k0Ngc4ZTrE7ZY3X6LgCfYxH2 nAXGAH7LiXTVZ+p0rK0IUG0= =iD+N -----END PGP SIGNATURE----- --2/5bycvrmDh4d1IB--

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 code. 的文章

文章代碼(AID): #1FopqZwq (Bugtraq)