On Tue, Mar 16, 2004 at 09:19:28AM -0800, Steve Lamb wrote:
> Colin Watson wrote:
> >But your setup has more or less the same properties: someone only has to
> >gain access to your account, wait until you next type 'su', and then
> >sniff your password. Easy.
>
> Uhm, how easy? I mean how would they do that, exactly? I mean isn't
> the whole point of SSH to prevent that sort of thing? :P

It has nothing to do with ssh: ssh only protects the communications
channel from eavesdroppers, not processes on the remote system from each
other. If they already have access to your account on the remote
machine, then for example strace would do (although you might notice the
performance drop), or a trivial modification to your shell startup files
to alias 'su' to something that grabbed the password and passed it on to
the real 'su'. There are any number of techniques once they're in as the
user from which privilege is escalated.

-- 
Colin Watson [EMAIL PROTECTED]
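Added example, not part of the original message or written by anyone in the thread: a check for the startup-file change described above, which scans shell startup text for an alias that redefines 'su'; it goes slightly further and also flags shell functions of the same name. The watch list, the sample file contents and the `/path/to/wrapper` placeholder are constructed assumptions.

```python
import shlex

# Commands that prompt for a password; an assumed watch list for this example.
WATCHED = {"su", "sudo"}

def _commands(line):
    """Split one shell line into simple commands (lists of words), quote-aware."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:      # unbalanced quote (multi-line string): skipped here
        return []
    cmds, cur = [], []
    for tok in tokens + [";"]:
        if tok and set(tok) <= set(";&|"):   # separator between commands
            if cur:
                cmds.append(cur)
            cur = []
        else:
            cur.append(tok)
    return cmds

def shadowed_names(cmd):
    """Return (kind, name) for each watched command this simple command redefines."""
    if cmd[0] == "alias":
        kind, names = "alias", [w.split("=", 1)[0] for w in cmd[1:] if "=" in w]
    elif cmd[0] == "function" and len(cmd) > 1:
        kind, names = "function", [cmd[1]]
    elif "".join(cmd[1:]).startswith("()"):   # name() { ...; }
        kind, names = "function", [cmd[0]]
    else:
        return []
    return [(kind, n) for n in names if n in WATCHED]

def scan_startup_text(text):
    """Return (line number, kind, name) for every redefinition found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for cmd in _commands(line):
            findings += [(lineno, k, n) for k, n in shadowed_names(cmd)]
    return findings

# Constructed sample of a startup file; not taken from any real system.
SAMPLE_RC = """\
# ~/.bashrc (constructed sample)
alias ll='ls -l' su='/path/to/wrapper'
export EDITOR=vi   # not a redefinition
sudo() { /path/to/wrapper "$@"; }
[ -f ~/.extra ] && alias grep='grep --color=auto'
echo "alias su=x is only text here"
"""
```

A clean result only covers the text that was scanned; files pulled in with `source` need to be scanned as well.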

