Date: Mon, 4 Aug 2003 17:20:23 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Troels Holm <th@cogito.dk>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
Message-ID: <20030804222023.GB11083@madman.celabo.org>
In-Reply-To: <010701c35ad5$2e76d720$0201a8c0@THXP>
References: <20030804213203.GE10339@madman.celabo.org> <010701c35ad5$2e76d720$0201a8c0@THXP>

On Tue, Aug 05, 2003 at 12:10:14AM +0200, Troels Holm wrote:
> Jacques A. Vidrine wrote:
> > The realpath.c that is distributed with OpenSSH-portable and found in
> > our CVS tree as /usr/src/crypto/openssh/openbsd-compat/realpath.c is
> > not used.
>
> Just for the record :=)
> What u say is that the advisory is in error and my "sftp-server" is _not_
> affected? Or are you just saying that sftp isn't using the realpath.c from
> OpenSSH?

The latter. sftp-server *is* affected, just as it says in the
advisory. But OpenSSH as bundled with FreeBSD uses realpath(3) from
libc, not from src/crypto/openssh/openbsd-compat/realpath.c, and so
(in answer to the question by a previous poster) that file does not
need patching.

Cheers,
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se