On 4/3/24 20:25, Ian Lance Taylor wrote:

Note that the attack really didn't have anything to do with
compressing data.  The library used an IFUNC to change the PLT of a
different function, so it effectively took control of the code that
verified the cryptographic key.  The only part of the attack that
involved compression was the fact that it happened to live in a
compression library.  And it wouldn't matter whether the code that
verified the cryptographic key was run as root either; the effect of
the attack was to say that the key was OK, and that sshd should
execute the command, and of course that execution must be done on
behalf of the requesting user, which (as I understand it) could be
root.

Ah, OK - that's what I missed.

Does your explanation mean that - if, as I do in my sshd config file - you *forbid* root access via sshd in *any* way, you wouldn't be vulnerable?

Thanks,

--
Toon Moene - e-mail: t...@moene.org - phone: +31 346 214290
Saturnushof 14, 3738 XG  Maartensdijk, The Netherlands
