logoalt Hacker News

RossBencinatoday at 2:57 AM2 repliesview on HN

I'm somewhat alarmed that the context that this bug was running in was capable of root login. Is there a reason that an SSH login process would, by default, have enough capabilities to facilitate direct root login?


Replies

anilakartoday at 6:31 AM

We did Tailscale-like SSH reverse tunnels at scale first in 2013 and the main issue has always been that there are no good libraries. Bash scripting around the OpenSSH binaries is pretty much the only way to go.

There's Paramiko, but Python is still a huge liability in memory-constrained systems.

show 1 reply
yjftsjthsd-htoday at 3:36 AM

If it runs as your user and can only log in as you, then I wouldn't expect it to be able to become root. But if it can log you in as different users, I would expect that 1. it needs to run from root, and 2. it can log in as root.