Date: Wed, 26 Jun 2002 19:33:53 -0400
From: Travis Cole <kelp@plek.org>
To: Maxim Kozin <madmax@express.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: The "race" that Theo sought to avoid has begun (Was: OpenSSH Advisory)
Message-ID: <20020626233353.GB77856@ainaz.pair.com>
In-Reply-To: <Pine.BSF.4.05.10206270044220.64831-100000@ds.express.ru>
References: <Pine.LNX.4.44.0206261845200.16380-100000@scribble.fsn.hu> <Pine.BSF.4.05.10206270044220.64831-100000@ds.express.ru>

On Thu, Jun 27, 2002 at 12:50:41AM +0400, Maxim Kozin wrote:
> > Ppl, before you are going crazy, think a little.
> > Theo did you a favor when he released his letter. Why? Because now all of
> > you are using privsep, which will hopefully help you if the another 100
> > exploits will be released/found in OpenSSH...
> Not all, because privsep has trouble with some PAM modules, but
> "ChallengeResponseAuthentication no" work. If we can know this in begin of
> sshisteria !

Yes, but if we had known about that from day one, so would the guys
who like to write exploits. There are some very smart people doing
that and the second they saw "Just set ChallengeResponseAuthentication
to no" that really makes it easier to figure out where the problem is.
You immediately narrow their search from thousands of lines of code to
only a few hundred.

--
-tcole

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
