From owner-freebsd-security  Sun Mar 31  6: 8:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mailhub.unibe.ch (mailhub.unibe.ch [130.92.9.52])
	by hub.freebsd.org (Postfix) with ESMTP id D43C137B419
	for <freebsd-security@freebsd.org>; Sun, 31 Mar 2002 06:08:16 -0800 (PST)
Received: from CONVERSION-DAEMON.mailhub.unibe.ch by mailhub.unibe.ch
 (PMDF V6.1 #40086) id <0GTU00101CLR9B@mailhub.unibe.ch> for
 freebsd-security@freebsd.org; Sun, 31 Mar 2002 16:08:15 +0200 (MEST)
Received: from iam.unibe.ch (asterix.unibe.ch [130.92.64.4])
 by mailhub.unibe.ch (PMDF V6.1 #40086)
 with ESMTP id <0GTU00LABCLRS5@mailhub.unibe.ch>; Sun,
 31 Mar 2002 16:08:15 +0200 (MEST)
Received: from lara.unibe.ch (lara [130.92.65.56])
	by iam.unibe.ch (8.11.6+Sun/8.11.6) with ESMTP id g2VE8ES05178; Sun,
 31 Mar 2002 16:08:14 +0200 (MET DST)
Received: (from roth@localhost)	by lara.unibe.ch (8.9.3+Sun/8.9.1)
 id QAA12297; Sun, 31 Mar 2002 16:08:14 +0200 (MET DST)
Date: Sun, 31 Mar 2002 16:08:14 +0200
From: Tobias Roth <roth@iamexwi.unibe.ch>
Subject: Re: Why update the world because of OpenSSH?
In-reply-to: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org>
To: Jesper Wallin <z3l3zt@phucking.kicks-ass.org>
Cc: freebsd-security@freebsd.org
Message-id: <20020331160814.A12284@lara.unibe.ch>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.3.23i
X-Operating-System: SunOS lara 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-5_10
References: <4487.213.112.58.135.1017583220.squirrel@phucking.kicks-ass.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> Once again I make me look like a fool..
> 
> I'm quite new to both mailinglists and FreeBSD so I'm not sure IF i should
> post this or where I should post if.. sorry for pissing you off..

I think freebsd-questions would be a good place for this question.

> Well, for some month ago I saw the warnings about the root exploit for
> OpenSSH here. What I never understood what, why should I update my world
> because of an OpenSSH exploit? Isn't it enought to just cvsup the ports and
> re-install OpenSSH from the ports?

Well, since SSH usually is in the base system, remaking the world (or at least the OpenSSH part of the system) is reasonable. But of course, you can also install the fixed OpenSSH port over the system SSH. It's up to you. Remaking the OpenSSH part of the base system would be the cleaner approach tho.

cheers, Tobe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message