From owner-freebsd-questions  Tue Jun 25 10:49:37 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from clink.schulte.org (clink.schulte.org [209.134.156.193])
	by hub.freebsd.org (Postfix) with ESMTP id B48E637B425
	for <freebsd-questions@freebsd.org>; Tue, 25 Jun 2002 10:48:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by clink.schulte.org (Postfix) with ESMTP
	id 5C049243F7; Tue, 25 Jun 2002 12:48:11 -0500 (CDT)
Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65])
	by clink.schulte.org (Postfix) with ESMTP
	id 23B1A243CF; Tue, 25 Jun 2002 12:48:07 -0500 (CDT)
Message-Id: <5.1.1.6.2.20020625124040.041c50f0@pop3s.schulte.org>
X-Sender: 
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Tue, 25 Jun 2002 12:45:33 -0500
To: Lord Raiden <raiden23@netzero.net>,
	Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Marco Radzinschi <marco@radzinschi.com>,
	FreeBDS-Questions <freebsd-questions@freebsd.org>
From: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Subject: Re: Upcoming OpenSSH vulnerability (fwd)
In-Reply-To: <4.2.0.58.20020625134233.009992b0@pop.netzero.net>
References: <5.1.1.6.2.20020624224948.02923518@pop3s.schulte.org>
 <20020624234646.G22328-100000@mail.radzinschi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: by AMaViS 0.3.12pre6 on clink.schulte.org
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

At 01:43 PM 6/25/2002 -0400, Lord Raiden wrote:
>         Ok, well we're still running OpenSSH 3.1 from the last security 
> upgrade recommendation.  Should we go straight to 3.3 or wait for the 
> final fix?

I believe the idea is to offer an upgrade to 3.3 now with privsep enabled ( 
'UsePrivilegeSeparation yes' in sshd_config ) and be immune to the bug, 
then update to 3.3.1 (3.4?) when the full disclosure happens early next week.

>         Secondly how do you enable this priv separation thing in the 
> config file?  I'm unfamiliar with that.

See above.

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address.  This address is valid.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message