From owner-freebsd-doc  Wed Mar 13  8:50:59 2002
Delivered-To: freebsd-doc@freebsd.org
Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7BAFC37B41C; Wed, 13 Mar 2002 08:50:36 -0800 (PST)
Received: from bmah.dyndns.org ([12.233.149.189]) by rwcrmhc54.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020313165035.OOLT1214.rwcrmhc54.attbi.com@bmah.dyndns.org>;
          Wed, 13 Mar 2002 16:50:35 +0000
Received: (from bmah@localhost)
	by bmah.dyndns.org (8.11.6/8.11.6) id g2DGoWr36860;
	Wed, 13 Mar 2002 08:50:32 -0800 (PST)
	(envelope-from bmah)
Message-Id: <200203131650.g2DGoWr36860@bmah.dyndns.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Udo Erdelhoff <ue@nathan.ruhr.de>
Cc: freebsd-doc@FreeBSD.org, "Bruce A. Mah" <bmah@FreeBSD.org>,
	security-officer@FreeBSD.org
Subject: Re: cvs commit: src/release/doc/en_US.ISO8859-1/relnotes/common new.sgml 
In-reply-to: <20020310191230.E89278@nathan.ruhr.de> 
References: <200203090112.g291C4A36851@freefall.freebsd.org> <20020310191230.E89278@nathan.ruhr.de>
Comments: In-reply-to Udo Erdelhoff <ue@nathan.ruhr.de>
   message dated "Sun, 10 Mar 2002 19:12:30 +0100."
From: bmah@FreeBSD.org (Bruce A. Mah)
Reply-To: bmah@FreeBSD.org
X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5<Pi&akO)o^8;[r
 %l(8ZHlbF`dD>v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A
 2V%N&+
X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif
X-Url: http://www.employees.org/~bmah/
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Date: Wed, 13 Mar 2002 08:50:32 -0800
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

If memory serves me right, Udo Erdelhoff wrote:
> Hi,
> On Fri, Mar 08, 2002 at 05:12:04PM -0800, Bruce A. Mah wrote:
> >   1.297     +4 -2      src/release/doc/en_US.ISO8859-1/relnotes/common/new.
> sgml
> 
> I think there is a small typo/omission in the entry:
> 
> ] This bug could have allowed an authenticated remote user to cause
> ] &man.sshd.8; to execute arbitrary code with superuser privileges,
> 
> This part is correct and clear: A 'bad' client can abuse the server
> 
> ] or allowed a connecting SSH client to execute arbitrary
> ] code with the privileges of the client user. 
> 
> but I think this part should be clearer.  According to the advisories
> I have read, a 'bad' server can abuse the client.  My suggestion
> is to replace this part with "or allowed a malicous SSH server to
> execute arbitrary code on the client system with the privileges of
> the client user".

Sorry for the delay.  You're probably right here...any comments from the
security officer team?

Having had to amend this release note once already, I want to 
finally-get-it-right-this-time-dammit.  :-)

Thanks!

Bruce.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message