From owner-freebsd-security  Wed Jun 26 15:54:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ds.express.ru (ds.express.ru [212.24.32.7])
	by hub.freebsd.org (Postfix) with ESMTP id 7EC4637B412
	for <freebsd-security@freebsd.org>; Wed, 26 Jun 2002 15:52:32 -0700 (PDT)
Received: from localhost.express.ru ([127.0.0.1] helo=localhost)
	by ds.express.ru with esmtp (Exim 2.12 #8)
	id 17NJkP-000GwR-00
	for freebsd-security@FreeBSD.ORG; Thu, 27 Jun 2002 00:50:41 +0400
Date: Thu, 27 Jun 2002 00:50:41 +0400 (MSD)
From: Maxim Kozin <madmax@express.ru>
To: freebsd-security@FreeBSD.ORG
Subject: Re: The "race" that Theo sought to avoid has begun (Was:  OpenSSH
 Advisory)
In-Reply-To: <Pine.LNX.4.44.0206261845200.16380-100000@scribble.fsn.hu>
Message-ID: <Pine.BSF.4.05.10206270044220.64831-100000@ds.express.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> Ppl, before you are going crazy, think a little.
> Theo did you a favor when he released his letter. Why? Because now all of
> you are using privsep, which will hopefully help you if the another 100
> exploits will be released/found in OpenSSH...
Not all, because  privsep has trouble with some PAM modules, but
"ChallengeResponseAuthentication no" work. If we can know this in begin of
sshisteria !

b.r.
 Kozin Maxim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message