On Wed, 3 Apr 2024 at 19:36, Toon Moene <t...@moene.org> wrote: > > On 4/3/24 20:25, Ian Lance Taylor wrote: > > > Note that the attack really didn't have anything to do with > > compressing data. The library used an IFUNC to change the PLT of a > > different function, so it effectively took control of the code that > > verified the cryptographic key. The only part of the attack that > > involved compression was the fact that it happened to live in a > > compression library. And it wouldn't matter whether the code that > > verified the cryptographic key was run as root either; the effect of > > the attack was to say that the key was OK, and that sshd should > > execute the command, and of course that execution must be done on > > behalf of the requesting user, which (as I understand it) could be > > root. > > Ah, OK - that's what I missed. > > Does your explanation mean that - if, as I do in my sshd config file - > you *forbid* root access via sshd in *any* way, you wouldn't be vulnerable ?
No, sshd is still running as root.
