From: Brett Glass
To: David Pick, security@FreeBSD.ORG
Date: Mon, 01 Jul 2002 10:30:44 -0600
Subject: Re: security risk: ktrace(2) in FreeBSD prior to -current.
Message-Id: <4.3.2.7.2.20020701102105.022a44f0@localhost>

At 08:43 AM 7/1/2002, David Pick wrote:

>At least we can build a binary update "package"
>for the "ports" version using a simple "make package"; it's
>harder for the version integrated into the base.

You can make a binary updater using the currently available port. Just do

cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE package

Beware, though, that you'll also want to install the latest OpenSSL "engine". I believe that you can make this into a binary package as well.

>Please note that I have *not* asked for a binary update.
>I don't want to get flamed the way Brett does...

...for asking something reasonable? ;-)

Seriously: Please do ask.

If we do not have up-to-date binary packages, a large percentage of the new installs of FreeBSD (both network installs and those from CD-ROM) will be vulnerable from the start, even though the holes have long been identified. This is not only unethical but also terrible for FreeBSD's reputation. Already, the Apache/FreeBSD worm is making the rounds. Why allow new installs to be vulnerable?

--Brett
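The make command above builds the openssh-portable port as a package that overwrites the base OpenSSH. As an added example (not code from Brett's message or from the FreeBSD port), the POSIX sh below decides whether a host's base ssh is actually older than the port version before such a package is installed; it assumes `ssh -V` prints a line of the form "OpenSSH_3.4p1, SSL 0x0090602f", and the version strings in it are constructed samples.

```shell
# Added example, not from the original message or the FreeBSD port: compare the
# base system's OpenSSH version (as printed by `ssh -V`) with a port version.

# Extract the OpenSSH version token (e.g. "3.4p1") from an `ssh -V` line.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9.]*p\{0,1\}[0-9]*\).*/\1/p'
}

# Split "3.2.3p1" into "3 2 3 1" (major minor patch portable-level);
# missing fields become 0 so the comparison is positional.
version_fields() {
    v=$1
    case $v in *p*) p=${v##*p} ;; *) p=0 ;; esac
    base=${v%%p*}
    maj=${base%%.*}; rest=${base#"$maj"}; rest=${rest#.}
    min=${rest%%.*}; rest=${rest#"$min"}; rest=${rest#.}
    pat=${rest%%.*}
    printf '%s %s %s %s\n' "${maj:-0}" "${min:-0}" "${pat:-0}" "${p:-0}"
}

# True (exit 0) when version $1 is strictly older than version $2.
version_older() {
    set -- $(version_fields "$1") $(version_fields "$2")
    i=0
    while [ "$i" -lt 4 ]; do
        a=$1; b=$5; shift
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# Exit 0 if the base ssh (its `ssh -V` line in $1) is older than port version $2,
# 1 if it is current, 2 if the line is not recognisable OpenSSH output.
base_needs_overwrite() {
    installed=$(openssh_version "$1")
    [ -n "$installed" ] || return 2
    version_older "$installed" "$2"
}

# Constructed sample input; on a real host use: base_ssh_v=$(ssh -V 2>&1)
base_ssh_v='OpenSSH_3.2.3p1, SSL 0x0090602f'
port_version='3.4p1'
if base_needs_overwrite "$base_ssh_v" "$port_version"; then
    echo "base OpenSSH $(openssh_version "$base_ssh_v") is older than port $port_version: build with -DOPENSSH_OVERWRITE_BASE"
else
    echo "base OpenSSH is at or above $port_version; no overwrite needed"
fi
```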