Date: Wed, 19 Mar 2003 20:45:03 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Colin Percival <colin.percival@wadham.ox.ac.uk> Cc: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@ofug.org>, freebsd-stable@FreeBSD.ORG Subject: Re: HEADS UP: OpenSSH 3.5p1 Message-ID: <20030319094502.GB4423@cirb503493.alcatel.com.au> In-Reply-To: <5.0.2.1.1.20030319085217.01dfa0b8@popserver.sfu.ca> References: <xzpn0ldmao6.fsf@flood.ping.uio.no> <20030319010311.GO90290@gsmx07.alcatel.com.au> <xzp8yvc14im.fsf@flood.ping.uio.no> <5.0.2.1.1.20030319085217.01dfa0b8@popserver.sfu.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 19, 2003 at 08:53:42AM +0000, Colin Percival wrote: >At 19:37 19/03/2003 +1100, Peter Jeremy wrote: >>On Mon, 03 Feb 2003 20:22:33 +0100, Dag-Erling Smørgrav wrote: >>>I've upgraded OpenSSH in -STABLE to 3.5p1. Please report any breakage >>>directly to me. >> >>The default for UsePrivilegeSeparation has changed from "off" to "on". >>As a result, the bug reported by Tony Finch <dot@dotat.at> in -security >>last July now defaults to active. In <xzpd6tcotcv.fsf@flood.ping.uio.no>, >>you indicated you were looking into this problem. Did you come up with >>a solution? > > It looks like this was fixed in sshd.c 1.32, and the fix was brought >into -STABLE along with the rest of 3.5p1. Ah, ok. It looks like the fix only addressed the specific problem of DNS lookups raised by Tony (and others via PRs) - it fails to address the general problem of hostname lookups with privilege separation. In my case, I need /etc/hosts for name resolution and the fix in 1.32 only addresses the bind case. (I'm not sure whether the YP/NIS case works or not). I'll raise a PR but I can't see any obvious solution. (At the very least, the problem and work-around should be documented). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030319094502.GB4423>