Researchers at the Qualys Threat Research Unit (TRU) have unearthed discovered a critical security flaw in OpenSSH's server (sshd) in glibc-based Linux systems.
Can’t it use built in OS mechanisms for that? Surely you could figure out a way to only give it permissions it needs. Maybe break it up into two separate processes.
When you log in to an ssh terminal for a shell, it has to launch the shell process as the desired user. Needs to be root to do that.
SSH has been around a long time. It’s not perfect, but it’s mostly validated. Anything new won’t have that history.
Can’t it use built in OS mechanisms for that? Surely you could figure out a way to only give it permissions it needs. Maybe break it up into two separate processes.