From owner-doc-jp@jp.FreeBSD.org Tue Dec 11 03:18:25 2001
Date: Tue, 11 Dec 2001 03:23:02 +0900 (JST)
Message-Id: <20011211.032302.74752780.rushani@bl.mmtr.or.jp>
To: doc-jp@jp.FreeBSD.org
From: Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
In-Reply-To: <20011211.021632.74752118.hrs@eos.ocn.ne.jp>
References: <200112071230.fB7CUB066488@freefall.freebsd.org>
	<20011211.021632.74752118.hrs@eos.ocn.ne.jp>
Organization: Nagaoka National College of Technology
X-URL: http://www.bl.mmtr.or.jp/~rushani/
Subject: [doc-jp 8548] Re: ANNOUNCE: FreeBSD Security Advisory
 FreeBSD-SA-01:63.openssh

$BARIJ$G$9(B.
# $B$*$R$5$7$V$j$G$9(B.

>>> On Tue, 11 Dec 2001 02:16:32 +0900 (JST), Hiroki Sato <hrs@eos.ocn.ne.jp> said:

> $B:4F#!wEl5~M}2JBg3X$G$9!#(B
> 
>  revised $B$5$l$?(B 01:63 $B$G$9!#(B
[...]
> FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
> =============================================================================
> FreeBSD-SA-01:63 (2001-12-06)
>  * OpenSSH UseLogin directive permits privilege escalation
> =============================================================================
[...]
> II.  $BLdBj$N>\:Y(B - Problem Description
[...]
> In addition, there are two versions of OpenSSH included in the
> ports collection.  One is ports/security/openssh, which is the
> BSD-specific version of OpenSSH.  Versions of this port prior to
> openssh-3.0.2 exhibit the problem described above.  The other is
> ports/security/openssh-portable, which is not vulnerable, even if the
> server is set to `UseLogin yes'.
> 
> $B$^$?(B, Ports Collection $B$K$O(B 2 $B<oN`$N(B OpenSSH $B$,B8:_$7$^$9(B.  $B0l$D$O(B
> ports/security/openssh $B$G$"$j(B, BSD $B$KFC2=$7$?(B OpenSSH $B$G$9(B.
> $B$3$N(B port $B$N(B openssh-3.0.2 $B$h$jA0$N$b$N$O(B, $B>e=R$7$?LdBj$K5/0x$9$k(B
> $B%;%-%e%j%F%#>e$N<eE@$,B8:_$7$^$9(B.  $B$^$?(B, $B$b$&0l$D(B
> ports/security/openssh-portable $B$H$$$&$b$N$,$"$j$^$9$,(B, $B$3$A$i$O(B
> `UseLogin yes' $B$N;XDj$K4X$o$i$:(B, $B>e=R$NLdBj$N1F6A$O<u$1$^$;$s(B.

$BF|K\8l$K$9$k>l9g$O(B, 

$B!X$3$N(B port $B$N(B openssh-3.0.2 $B$h$jA0$N$b$N$O(B, $B>e=R$7$?LdBj$K5/0x$9$k!Y(B
                           ^^^^^^^^
$B$h$j(B, 

$B!X$3$N(B port $B$N(B openssh-3.0.1 $B0JA0$N$b$N$O(B, $B>e=R$7$?LdBj$K5/0x$9$k!Y(B
                           ^^^^^^
$B$NJ}$,$$$$$+$b(B...


> IV.  $B2sHrJ}K!(B - Workaround
[...]
> For sshd included in the base system (/usr/bin/sshd), the
> server configuration file is `/etc/ssh/sshd_config'.  For sshd
> from the ports collection, the server configuration file is
> `/usr/local/etc/sshd_config'.
> 
> FreeBSD $B%Y!<%9%7%9%F%`$K4^$^$l$k(B sshd (/usr/bin/sshd) $B$N(B
> $B%5!<%P@_Dj%U%!%$%k$O(B `/etc/ssh/sshd_config' $B$K$"$j$^$9(B.
> $B$^$?(B, Ports Collection $B$K4^$^$l$k(B sshd $B$N%5!<%P@_Dj%U%!%$%k$O(B
> `/usr/local/etc/sshd_config' $B$G$9(B.

$B$&$A$@$H(B, sshd $B$O(B

  % which sshd
  /usr/sbin/sshd
       ^
$B$K$"$k$s$G$9$,(B...

----
Hideyuki KURASHINA              Strength of Materials laboratory,
rushani@bl.mmtr.or.jp           Department of Mechanical Engineering, 
m09010@st.nagaoka-ct.ac.jp      Nagaoka National College of Technology
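
An added example, not part of the original message or of the advisory: a POSIX shell check that reports the effective `UseLogin` value in the two sshd_config locations the quoted advisory names. The function name `uselogin_setting` is hypothetical; the parsing assumes sshd's rule that the first occurrence of a keyword wins and that an unset `UseLogin` defaults to `no`.

```shell
#!/bin/sh
# Added example (not from the advisory): audit sshd_config files for the
# UseLogin directive discussed in FreeBSD-SA-01:63.

# uselogin_setting FILE
#   Prints "missing" if FILE is unreadable, otherwise the value of the
#   first uncommented UseLogin line as written, or "no" (sshd's default)
#   when the keyword does not appear.
uselogin_setting() {
    [ -r "$1" ] || { echo missing; return 0; }
    awk '
        # Ignore comments and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keyword and argument are separated by whitespace or "=".
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            gsub(/^[ \t=]+|[ \t]+$/, "", val)
            if (key == "uselogin") {
                print val       # first occurrence wins, so stop here
                found = 1
                exit
            }
        }
        END { if (!found) print "no" }
    ' "$1"
}

# Check both locations named in the advisory: base system and ports.
for conf in /etc/ssh/sshd_config /usr/local/etc/sshd_config; do
    printf '%s: UseLogin %s\n' "$conf" "$(uselogin_setting "$conf")"
done
```

A result of `yes` only matters together with the installed sshd version, since the advisory states that ports/security/openssh-portable is not affected even with `UseLogin yes`.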
