Date: Mon, 01 Jul 2002 15:43:27 +0100
From: David Pick <d.m.pick@qmul.ac.uk>
To: security@freebsd.org
Subject: Re: security risk: ktrace(2) in FreeBSD prior to -current.
Message-ID: <E17P2Ol-0002Jf-00@xi.css.qmw.ac.uk>
In-Reply-To: Your message of "01 Jul 2002 16:01:34 +0200." <xzpelenim2p.fsf@flood.ping.uio.no>

On 01 Jul 2002 16:01:34 +0200, Dag-Erling Smorgrav wrote:
> Chris Johnson <cjohnson@palomine.net> writes:
> > On Mon, Jul 01, 2002 at 03:23:59PM +0200, Dag-Erling Smorgrav wrote:
> > > Darren Reed <avalon@coombs.anu.edu.au> writes:
> > > > With OpenSSH 3.4, ssh-keysign gets installed setuid-root.
> > > Not in FreeBSD.
> > Are you sure?
>
> I don't care about the port.  Personally, I'd rather it didn't exist,
> and I think admins who install it need to have their head checked.

<snip>

At least the port can be built and installed without having to have
large amounts of system source installed on the limited amount of
hard disc available on a laptop with multiple OSs installed.

Of course, a binary system update can be installed even more easily
without *any* source but we don't have any such available. At least
we can build a binary update "package" for the "ports" version using
a simple "make package"; it's harder for the version integrated into
the base.

The previous SA (SA-02:13) on OpenSSH 2.9 as included in the base
included instructions for building a corrected version with the
minimum amount of compilation and minimum amount of source installed
but didn't include any help on just how much source *was* the minimum
amount. And you had to extract parts of (IIRC) three of the "source"
distributions. This is even more true for the recent resolver
problems...

Please note that I have *not* asked for a binary update. I don't want
to get flamed the way Brett does...

-- 
David Pick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message