[Bug 3397] Make internal-sftp the default
https://bugzilla.mindrot.org/show_bug.cgi?id=3397

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
Using a separate binary means that the sftp-server process does not
inherit a memory image of the privileged sshd process (as it would for
a merely fork()ed internal-sftp).

Inheriting the memory image carries the risk that an error in
sftp-server's attack surface could yield an arbitrary memory read
primitive, and this could be used to break ASLR and other protections
on the parent process, as well as granting access to any otherwise
private data left in the sshd process. Unfortunately the existence of
private data in the sshd address space is hard to reason about,
especially since PAM modules can do pretty much what they feel like.

Now, sftp-server _should_ be pretty free of bugs, but weird
corner-cases that don't exist for other bits of sshd have yielded bad
bugs there before (e.g. https://seclists.org/oss-sec/2014/q4/216).

For this reason, my preference is to keep it as-is.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
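
The difference described in comment #1, as an added example that is not part of the original message and is not OpenSSH code: a parent holds private data in its heap, then starts one child with fork() only and one with fork() plus exec(), and each child reports whether that data is in its address space. The secret value, the DEMO_EXEC_CHILD marker variable and the function names are constructed for illustration, and the re-exec through /proc/self/exe assumes Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET "constructed-demo-secret"  /* constructed sample value */
#define CHILD_ENV "DEMO_EXEC_CHILD"       /* hypothetical marker variable */

static char *parent_secret;  /* stands in for private data in the parent's heap */

/* Returns 1 if the secret is readable in this address space, else 0. */
static int secret_visible(void)
{
    return parent_secret != NULL && strcmp(parent_secret, SECRET) == 0;
}

/* Runs before main() in the re-exec'd image and reports what it can see. */
__attribute__((constructor)) static void exec_child_probe(void)
{
    if (getenv(CHILD_ENV) != NULL)
        _exit(secret_visible());
}

/* Load the secret, start a child, return the child's view (1/0), -1 on error. */
int child_sees_secret(int do_exec)
{
    int status;
    pid_t pid;

    if (parent_secret == NULL && (parent_secret = strdup(SECRET)) == NULL)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        if (!do_exec)
            _exit(secret_visible());  /* fork only: copy of the parent's memory */
        setenv(CHILD_ENV, "1", 1);
        execl("/proc/self/exe", "exec-child", (char *)NULL);
        _exit(2);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("fork only:   child sees secret = %d\n", child_sees_secret(0));
    printf("fork + exec: child sees secret = %d\n", child_sees_secret(1));
    return 0;
}
```

The fork-only child finds the secret because it runs on a copy of the parent's memory; the exec'd child starts from a fresh image in which that heap data was never present.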