Exploit: Some sshd 1.x/2.0 stupidities: --------------------------------- Unprivledged luser could create symlink in ~/.ssh (or ~/.sshd) to virtually any file - root's ~/.ssh entries, /dev/urandom or anything else. Sshd, during login attempt, but before any authorization, will happily read these files, ignoring ownership (yep, it's running at UID 0). Could be dangerous, could be not. But even if not, still allows some interesting DoSes from privledged UID. Michal Zalewski [lcamtuf@ids.pl]