https://bugzilla.mindrot.org/show_bug.cgi?id=3397
Damien Miller <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Damien Miller <[email protected]> ---
Using a separate binary means that the sftp-server process does not inherit a memory image of the privileged sshd process (as it would for a merely fork()ed internal-sftp).

Inheriting the memory image carries the risk that an error in sftp-server's attack surface could yield an arbitrary memory read primitive, and this could be used to break ASLR and other protections on the parent process, as well as granting access to any otherwise private data left in the sshd process.

Unfortunately the existence of private data in the sshd address space is hard to reason about, especially since PAM modules can do pretty much what they feel like.

Now, sftp-server _should_ be pretty free of bugs, but weird corner-cases that don't exist for other bits of sshd have yielded bad bugs there before (e.g. https://seclists.org/oss-sec/2014/q4/216)

For this reason, my preference is to keep it as-is
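
The difference between a merely fork()ed child and a fork()+exec()ed one, as an added demonstration that is not part of the bug report and is not OpenSSH code: a child that is given only an address and a length (standing in for a memory read primitive) recovers a constructed parent secret after fork() alone, but not after exec(). Python on a Unix-like system is assumed; `SECRET`, `PROBE` and the function names are hypothetical.

```python
import ctypes
import os
import subprocess
import sys

# Stand-in for private data left in the privileged parent's address space
# (constructed: 32 random bytes generated at run time).
SIZE = 32
SECRET = (ctypes.c_char * SIZE).from_buffer_copy(os.urandom(SIZE))
ADDR = ctypes.addressof(SECRET)

# Models a memory read primitive in the child: it is told only an address
# and a length, never the secret itself.
PROBE = ("import ctypes, os, sys\n"
         "os.write(1, ctypes.string_at(int(sys.argv[1]), int(sys.argv[2])))\n")


def read_in_forked_child(addr, size):
    """fork() only: the child runs on a copy of the parent's memory image."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: same layout, same contents as the parent
        try:
            os.close(r)
            os.write(w, ctypes.string_at(addr, size))
        finally:
            os._exit(0)
    os.close(w)
    with os.fdopen(r, "rb") as pipe:
        data = pipe.read()
    os.waitpid(pid, 0)
    return data


def read_in_execed_child(addr, size):
    """fork() + exec(): the child starts from a fresh memory image, so the
    parent's address is unmapped (crash) or holds unrelated bytes."""
    proc = subprocess.run([sys.executable, "-c", PROBE, str(addr), str(size)],
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    print("fork only leaks secret  :", read_in_forked_child(ADDR, SIZE) == SECRET.raw)
    rc, out = read_in_execed_child(ADDR, SIZE)
    print("fork + exec leaks secret:", out == SECRET.raw, "(exit status %d)" % rc)
```
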
