On Thu, 12.08.2004 at 19:13, Brad Smith wrote:

> Ok, I'll go ahead and risk embarrassment in the name of enlightenment
> and ask: If the traffic between client and server is encrypted, even
> with access to the sshd system, how does one "sniff" traffic sent
> between two local processes (sshd and su) without a keylogger, which
> wouldn't apply since the keyboard in question is on the client-side?
> Is there some technique for eavesdropping on inter-process
> communications that I don't know about, then, or did I just
> misunderstand you?
>
> Brad

The question is about "potential weakness". Certainly an attacker has to use bugs on the system (the server, if you speak about remote machines in this case) to be able to listen to inter-process communications, or trojans to get what a user types in when trying to become root.

Overall, you did understand me right. What netmask replied just a moment ago explains it a bit better than I did.

In the field of security you always have to observe the weakest points of a system or a structure. So my intention was not to say "hey, ssh in as normal user and then su to root is a security hole". But I wanted to point out that you might be at risk if you feel too safe.

You know where this thread is coming from, what the starting point was. It is exactly this: obviously too many Linux admins believe that Linux is secure by architecture or whatever else. It is obvious from my investigations, too, that the hackers/crackers get access to vulnerable Linux hosts as unprivileged users and then use local exploits to become root. I know, many Linux admins think local root exploits are much less severe than remote root exploits. This is wrong, and we now see what it leads to, unfortunately.

Alexander

--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp
Serendipity 19:31:34 up 8 days, 12:59, load average: 1.36, 1.31, 1.48