246

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems (www.computing.co.uk)

submitted 6 days ago by Blaze@lemmy.zip to c/linux@programming.dev

39 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] frezik@midwest.social 10 points 6 days ago* (last edited 6 days ago)

When you log in to an ssh terminal for a shell, it has to launch the shell process as the desired user. Needs to be root to do that.

SSH has been around a long time. It's not perfect, but it's mostly validated. Anything new won't have that history.

[-] possiblylinux127@lemmy.zip 1 points 6 days ago

Can't it use built in OS mechanisms for that? Surely you could figure out a way to only give it permissions it needs. Maybe break it up into two separate processes.

[-] Sethayy@sh.itjust.works 1 points 3 days ago

That just sounds like root with extra steps (trying to implement OS security policies in a remote terminal utility)

this post was submitted on 01 Jul 2024

246 points (98.8% liked)

Linux

4395 readers

246 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev