[luau] Local Root Hole in OpenSSH

MonMotha monmotha at indy.rr.com
Thu Mar 7 21:12:06 PST 2002


Building a static binary (which means you can build it on a system with 
a different libc and other libs and still probably have it work) simply 
needs the "-static" option given to gcc.  You can probably set CFLAGS= 
to include -static.

--MonMotha

Steve Anderson wrote:
> I believe that you don't have to use PAM. I think you can require PAM in 
> sshd.conf. So it should follow that sshd could run on 6.2 without PAM, if PAM 
> is not set to required. I have not built a binary with static libraries. Is 
> there info on the web about how to go about it in general? I also need to use 
> tcpd wrappers.
> Steve
> 
> On Thursday 07 March 2002 06:17 pm, you wrote:
> 
>>Does redhat 6.2 use PAM?  If it doesn't I can statically link you a copy
>>that should run no matter what.
>>
>>--MonMotha
>>
>>Steve Anderson wrote:
>>
>>>Yeah, I think it applies to all OpenSSH prior to 3.1. I was able to
>>>upgrade our RedHat 7.1 and Solaris machines with the portable 3.1 source.
>>>But the same source fails on RedHat 6.2. Our OpenBSD 2.8 machine also
>>>failed during the build process for the regular OpenSSH. I found others
>>>with the same problems on Google, and the patch for OpenBSD 2.8 was
>>>supposed to have been fixed. But the updated 2.8 patch had not made it to
>>>the download sites yet, so I turned off SSH on the 2.8 machine. I also
>>>turned off SSH on the Red Hat 6.2 machines, and will wait to see what Red
>>>Hat comes out with. If anyone is still running Red Hat 6.2 and gets
>>>OpenSSH 3.1p to build on 6.2, please let me know.
>>>
>>>Steve Anderson
>>>
>>>On Thursday 07 March 2002 12:11 pm, you wrote:
>>>
>>>>Someone found a hole in OpenSSH.
>>>>
>>>>Info at: http://www.pine.nl/advisories/pine-cert-20020301.html
>>>>
>>>>Everyone should probably upgrade their OpenSSHs about now.  I'm guessing
>>>>that OpenBSD is also vulnerable (doesn't say only the portable versions).
>>>>
>>>>--MonMotha
>>>>
>>>>_______________________________________________
>>>>LUAU mailing list
>>>>LUAU at videl.ics.hawaii.edu
>>>>http://videl.ics.hawaii.edu/mailman/listinfo/luau
>>>>
>>>_______________________________________________
>>>LUAU mailing list
>>>LUAU at videl.ics.hawaii.edu
>>>http://videl.ics.hawaii.edu/mailman/listinfo/luau
>>>
>>_______________________________________________
>>LUAU mailing list
>>LUAU at videl.ics.hawaii.edu
>>http://videl.ics.hawaii.edu/mailman/listinfo/luau
>>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
> 
> 





More information about the LUAU mailing list