OSEC

From: Andy Isaacson (adihexapodia.org)
Date: Thu Feb 01 2001 - 15:54:35 CST

    On Thu, Feb 01, 2001 at 07:47:45PM +0000, James Ponder wrote:
    > However, tell me... Say there was an exploitable vulnerability that gave
    > the attacker root access on your OpenBSD machine - perhaps the recent ftpd
    > bug or something like the recent bind problem. The attacker now has root
    > access and replaces your /usr/bin/su and/or /usr/bin/sudo with their own
    > version that records your password. They disable your checksum integrity
    > checker, perhaps by simply altering it to return the old checksum, or
    > something more complicated like a kernel attack.

    [snip]

    > Now, you want to do some maintenance one day:
    >
    > * If you connect to this machine via ssh and run '/usr/bin/su' you lose your
    > root password to the attacker.
    >
    > * If you connect to this machine via ssh and run sudo, you lose your user
    > account password to the attacker.
    >
    > * If you had logged in as root via ssh, you wouldn't have lost any access
    > details.

    I think the point that other folks are missing here is that you're
    assuming the root login is allowed via an authorized_key or known_host
    key, so sshd never sees your password. In that case, yes, the attacker
    cannot get your password and cannot compromise other hosts on the
    network.

    Of course, you're opening another can of worms by allowing root logins
    with a specific RSA key.

    -andy
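The exchange above turns on one configuration question: does sshd ever see a password on the host you are administering? The following audit script is an added example, not code from the thread or from either poster. It parses an sshd_config fragment the way OpenSSH does (first occurrence of a keyword wins, `#` comments ignored) and flags the two settings that let a password reach a possibly trojaned host. The config texts are constructed samples; the default values assumed when a keyword is absent (`PermitRootLogin prohibit-password`, `PasswordAuthentication yes`) are those of modern OpenSSH, and `without-password` is the older spelling of `prohibit-password` that the 2001-era servers in the thread would have used.

```python
"""Audit an sshd_config fragment for root-login and password settings.

Added example, not part of the original thread. Assumptions: OpenSSH keyword
semantics; the config strings below are constructed samples.
"""
import re

# Constructed sample: what the thread's "su over ssh" scenario relies on.
WEAK_CONFIG = """\
# password-based root login allowed
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: root only with a key, no passwords over ssh at all.
HARDENED_CONFIG = """\
PermitRootLogin prohibit-password   # 'without-password' on older OpenSSH
PasswordAuthentication no
PubkeyAuthentication yes
"""

# Values of PermitRootLogin that do not let root authenticate with a password.
_NO_ROOT_PASSWORD = {"no", "prohibit-password", "without-password",
                     "forced-commands-only"}


def parse_sshd_config(text):
    """Return {keyword (lower-case): value}.

    OpenSSH honours the first occurrence of a keyword, so later duplicates
    are deliberately ignored. Both 'Key value' and 'Key=value' are accepted.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue                              # keyword with no value
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)          # first occurrence wins
    return settings


def audit(text):
    """Return a list of findings describing how a password could reach sshd.

    An empty list means no password is ever sent to this host's sshd, which
    is the situation the reply above describes (root via key only).
    """
    s = parse_sshd_config(text)
    findings = []

    # Assumed defaults when the keyword is absent (modern OpenSSH).
    root_login = s.get("permitrootlogin", "prohibit-password").lower()
    pw_auth = s.get("passwordauthentication", "yes").lower()

    if root_login == "yes":
        findings.append("PermitRootLogin yes: root may authenticate with a "
                        "password, which the host's sshd sees")
    elif root_login not in _NO_ROOT_PASSWORD:
        findings.append(f"PermitRootLogin {root_login}: unrecognised value")

    if pw_auth == "yes":
        findings.append("PasswordAuthentication yes: user passwords are sent "
                        "to sshd; a replaced sshd, su or sudo could record them")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no password reaches sshd']}")
```

Run it against a real `/etc/ssh/sshd_config` by reading the file into `audit()`; note that it checks only what sshd is told to accept, not whether the `su`/`sudo` binaries on the host are still the ones you installed, which is the other half of the scenario in the thread.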