Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


In the terminal room...

  • From: James Klossner
  • Date: Mon Jun 08 00:57:03 1998

People might want to be careful what binary you run in the terminal
room if you're using ssh (or whatever).  I happened to find
this today while using them (extra junk snipped):

% pwd
/usr/home/nanog
% ls -al ssh
-rwxr-xr-x  1 nanog  nanog  1218960 Jun  7 13:04 ssh
% ./ssh -v
SSH Version 1.2.22 [i386-unknown-freebsd2.2.6], protocol version 1.5.
Standard version.  Does not use RSAREF.
[snipped]
% which ssh
/usr/local/bin/ssh
% ls -al /usr/local/bin/ssh
lrwxrwxrwx  1 root  wheel  14 Jun  6 07:55 /usr/local/bin/ssh -> ../ssh/bin/ssh
% ls -al /usr/local/ssh/bin/ssh
lrwxrwxrwx  1 root  wheel  4 Jun  6 07:55 /usr/local/ssh/bin/ssh -> ssh1
% ls -al /usr/local/ssh/bin/ssh1
-rws--x--x  1 root  wheel  212952 May 20 09:20 /usr/local/ssh/bin/ssh1
% /usr/local/bin/ssh -v
SSH Version 1.2.23 [i386-unknown-freebsd2.2.6], protocol version 1.5.
Standard version.  Does not use RSAREF.
[snipped]

Dot isn't in the path on these boxes, but you still might want to be
careful anyway.  Perhaps someone just brought over their own ssh binary,
because they didn't trust the one here, or it could be something more
malicious.  I guess the moral of the story is to be careful about
what you run on these machines.

-jkk

-- 
Jim Klossner - jkk@frontiernet.net		http://www.frontiernet.net
"VMS is about as secure as a poodle encased in a block of lucite...
	...about as useful, too."	-wendigo@pobox.com
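
The manual check in the message above (`which`, then `ls -al` down the symlink chain, then a look at the same-named copy in the home directory) written as a script. This is an added example, not part of the original post; the helper names `real_path`, `find_shadows` and `audit` and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example; helper names are illustrative, not from the original message.

# real_path FILE: follow a symlink chain hop by hop and print the final file.
real_path() {
    p=$1; hops=0
    while [ -L "$p" ] && [ "$hops" -lt 40 ]; do
        t=$(readlink "$p")
        case $t in
            /*) p=$t ;;
            *)  p=$(dirname "$p")/$t ;;   # relative target: relative to the link's directory
        esac
        hops=$((hops + 1))
    done
    d=$(cd "$(dirname "$p")" && pwd -P) || return 1
    printf '%s/%s\n' "$d" "$(basename "$p")"
}

# find_shadows NAME TRUSTED DIR...: list executables called NAME under DIR...
# and compare each with TRUSTED. "unverifiable" covers an execute-only
# installed binary (mode -rws--x--x in the message), which cmp cannot read.
find_shadows() {
    name=$1; trusted=$2; shift 2
    find "$@" -type f -name "$name" 2>/dev/null | while IFS= read -r f; do
        [ -x "$f" ] || continue
        rc=0
        cmp -s "$f" "$trusted" 2>/dev/null || rc=$?
        case $rc in
            0) verdict=identical ;;
            1) verdict=DIFFERS ;;
            *) verdict=unverifiable ;;
        esac
        printf '%s\t%s\n' "$verdict" "$f"
    done
}

# audit NAME DIR...: resolve NAME through PATH, then scan DIR... for same-named files.
audit() {
    cmd=$1; shift
    start=$(command -v "$cmd") || { echo "$cmd: not found in PATH" >&2; return 2; }
    case $start in /*) ;; *) echo "$cmd: not a file on PATH" >&2; return 2 ;; esac
    installed=$(real_path "$start") || return 2
    printf 'installed\t%s\n' "$installed"
    find_shadows "$cmd" "$installed" "$@"
}

# Usage: sh check_shadow.sh ssh "$HOME"
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

A `DIFFERS` or `unverifiable` line is a prompt to compare owner, size and timestamp with `ls -al`, as the message does; it is not by itself proof of tampering.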



