Date: Mon, 04 Oct 1999 14:42:29 -0700 From: "Michael Bryan" <fbsd-security@ursine.com> To: freebsd-security@FreeBSD.ORG Subject: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Message-ID: <199910041442290320.2386AC1A@quaggy.ursine.com> In-Reply-To: <05b301bf0e8b$e5ca32e0$1e80000a@avantgo.com> References: <199909291352.GAA31310@cwsys.cwsent.com> <199909300401.WAA08495@harmony.village.org> <199910020846310710.17F35F81@quaggy.ursine.com> <05b301bf0e8b$e5ca32e0$1e80000a@avantgo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> This still allows /dev/log -> /var/run/log to work, but prevents >> abuse in cases of poor code like in ssh. > >Why not just fix the problem? We can add code via the patches in the ssh >port, which will later work its way back into ssh. Fixing ssh makes sense, but modifying the kernel behaviour also makes sense, as it prevents abuse for any other programs that have the same coding error. Other OS's are already implementing this type of check in the kernel. If there is needed functionality which is lost by such a kernel mod then it would be less desireable, of course. Michael Bryan fbsd-security@ursine.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910041442290320.2386AC1A>