From owner-freebsd-security@FreeBSD.ORG  Tue Sep 16 11:58:48 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6D73A16A4B3
	for <security@freebsd.org>; Tue, 16 Sep 2003 11:58:48 -0700 (PDT)
Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4F50543F85
	for <security@freebsd.org>; Tue, 16 Sep 2003 11:58:47 -0700 (PDT)
	(envelope-from damian@sentex.net)
Received: from pegmatite.sentex.ca (pegmatite.sentex.ca [192.168.42.92])
	by lava.sentex.ca (8.12.9/8.12.8) with ESMTP id h8GIwkCk078832
	for <security@freebsd.org>; Tue, 16 Sep 2003 14:58:46 -0400 (EDT)
	(envelope-from damian@sentex.net)
Received: by pegmatite.sentex.ca (Postfix, from userid 1001)
	id 60F4117137; Tue, 16 Sep 2003 14:58:44 -0400 (EDT)
Date: Tue, 16 Sep 2003 14:58:44 -0400
From: Damian Gerow <damian@sentex.net>
To: security@freebsd.org
Message-ID: <20030916185844.GZ66001@sentex.net>
References: <4.3.2.7.2.20030916123558.02cfdef0@localhost>
	<20030916134347.GA30359@madman.celabo.org>
	<4.3.2.7.2.20030916123558.02cfdef0@localhost>
	<4.3.2.7.2.20030916124550.02a55970@localhost>
	<20030916185417.GA6885@madman.celabo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030916185417.GA6885@madman.celabo.org>
X-GPG-Key-Id: 0xB841F142
X-GPG-Fingerprint: C7C1 E1D1 EC06 7C86 AF7C  57E6 173D 9CF6 B841 F142
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
User-Agent: Mutt/1.5.4i
X-Virus-Scanned: By Sentex Communications (lava/20020517)
Subject: Re: OpenSSH heads-up
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Sep 2003 18:58:48 -0000

Thus spake Jacques A. Vidrine (nectar@freebsd.org) [16/09/03 14:55]:
> AFAICT, you need not authenticate, it is not specific to protocol
> version 2, and there is no workaround.

So privsep won't help in this case?  I haven't seen any direct mention of it
yet, and my understanding of privsep is that it happens before
authentication, so it's not clear if it would be a viable workaround or not.