After the recent discussion here about some OpenSSH sshd's having
difficulty locating scp in /usr/local/bin/, I took a look at
openssh-1.2.1pre17's config.h.in and found what I believe is a
potential minor security problem: the _PATH_STDPATH defined there ends
in `:', effectively putting a `.' (current directory) at the end of the
path and thus opening ssh sessions that use that default PATH to the
possibility of trojan attacks.

This is *only* a problem if _PATH_STDPATH is not defined in your system
includes (usually in /usr/include/). If your system includes do define
_PATH_STDPATH (for example, in <paths.h>), this problem does not affect
you. (That is no guarantee, however, that your _PATH_STDPATH is
completely secure---check it to make sure it is.)

Since the `current directory' element is preceded by
`/usr/bin:/bin:/usr/sbin:/sbin', the possibility for such an attack
succeeding is less than if the current directory were at the beginning
of the PATH, but it's still Not A Good Thing(tm).

The attached patch fixes the potential problem. It's necessary to
re-./configure and recompile openssh after patching.

--
jim knoble
jmknoble@pobox.com
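
Added example, not part of the original message or of the OpenSSH source: a small C check for the condition described above, where an empty PATH element (a leading or trailing `:', or `::') is treated as the current directory. The function name path_cwd_elements and the sample strings are assumptions constructed from the message's description.

```c
#include <stdio.h>
#include <string.h>

/* Count PATH elements that resolve relative to the current directory:
 * empty elements (leading/trailing ':' or "::"), "." and any other
 * element that does not start with '/'. Returns the count; if first_bad
 * is non-NULL it receives the 0-based index of the first such element,
 * or -1 when the path has none. (Hypothetical helper for illustration.) */
int path_cwd_elements(const char *path, int *first_bad)
{
    int count = 0, index = 0;
    const char *start = path;

    if (first_bad)
        *first_bad = -1;
    for (;;) {
        const char *end = strchr(start, ':');
        size_t len = end ? (size_t)(end - start) : strlen(start);

        /* Empty element: shells and execvp() search the current directory. */
        if (len == 0 || start[0] != '/') {
            if (count == 0 && first_bad)
                *first_bad = index;
            count++;
        }
        if (!end)
            break;
        start = end + 1;
        index++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples; the first mirrors the default described above. */
    const char *samples[] = {
        "/usr/bin:/bin:/usr/sbin:/sbin:",   /* trailing ':' */
        "/usr/bin:/bin:/usr/sbin:/sbin",    /* no empty element */
        ":/usr/bin:/bin",                   /* leading ':' */
        "/usr/bin::/bin",                   /* empty middle element */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int where;
        int n = path_cwd_elements(samples[i], &where);
        printf("%-32s unsafe=%d first=%d\n", samples[i], n, where);
    }
    return 0;
}
```

Run against the value your build actually uses (the system's _PATH_STDPATH if <paths.h> defines one, otherwise the one from config.h) to confirm it reports zero unsafe elements.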