245
'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
(www.computing.co.uk)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Jul 2024
245 points (98.8% liked)
Linux
4966 readers
179 users here now
A community for everything relating to the linux operating system
Also check out !linux_memes@programming.dev
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 1 year ago
MODERATORS
Maybe it is time to move to something new
Also why does sshd run as root. I deal like ssh could use some least privilege
When you log in to an ssh terminal for a shell, it has to launch the shell process as the desired user. Needs to be root to do that.
SSH has been around a long time. It's not perfect, but it's mostly validated. Anything new won't have that history.
Can't it use built in OS mechanisms for that? Surely you could figure out a way to only give it permissions it needs. Maybe break it up into two separate processes.
That just sounds like root with extra steps (trying to implement OS security policies in a remote terminal utility)
Root because it use port 22. I think anything lower than port 1024 requires it. But if this is true, then you can try change the port it is listening to something higher than that.