Blaze@lemmy.zip to Linux@programming.dev · 3 months ago'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systemswww.computing.co.ukexternal-linkmessage-square39fedilinkarrow-up1247arrow-down13
arrow-up1244arrow-down1external-link'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systemswww.computing.co.ukBlaze@lemmy.zip to Linux@programming.dev · 3 months agomessage-square39fedilink
minus-squarefrezik@midwest.sociallinkfedilinkarrow-up10·edit-23 months agoWhen you log in to an ssh terminal for a shell, it has to launch the shell process as the desired user. Needs to be root to do that. SSH has been around a long time. It’s not perfect, but it’s mostly validated. Anything new won’t have that history.
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up1·3 months agoCan’t it use built in OS mechanisms for that? Surely you could figure out a way to only give it permissions it needs. Maybe break it up into two separate processes.
minus-squareSethayy@sh.itjust.workslinkfedilinkarrow-up1·3 months agoThat just sounds like root with extra steps (trying to implement OS security policies in a remote terminal utility)
When you log in to an ssh terminal for a shell, it has to launch the shell process as the desired user. Needs to be root to do that.
SSH has been around a long time. It’s not perfect, but it’s mostly validated. Anything new won’t have that history.
Can’t it use built in OS mechanisms for that? Surely you could figure out a way to only give it permissions it needs. Maybe break it up into two separate processes.
That just sounds like root with extra steps (trying to implement OS security policies in a remote terminal utility)