Date: Mon, 24 Jun 2002 23:45:25 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Sean Kelly <smkelly@zombie.org>
Cc: Theo de Raadt <deraadt@cvs.openbsd.org>, Ted Cabeen <secabeen@pobox.com>, "Jacques A. Vidrine" <nectar@FreeBSD.ORG>, <freebsd-security@FreeBSD.ORG>
Subject: Re: Hogwash
Message-ID: <20020624233910.V55382-100000@patrocles.silby.com>
In-Reply-To: <20020625041946.GA6840@edgemaster.zombie.org>

On Mon, 24 Jun 2002, Sean Kelly wrote:

> What percentage of people? As it has already been said, FreeBSD-STABLE
> still uses OpenSSH 2.9. The privsep features do not exist in this version,
> and you've not clarified whether this exploit will affect this version as
> well. All you've said is that everybody should upgrade now or turn it off.
> Neither of those options are that entirely helpful for a lot of us out here.

I think this thread needs to die very soon. Theo's solution to this bug is unorthodox, but it should serve to protect those who are willing to upgrade. He does not deserve all the bashing you're giving him.

Theo did miss one possible solution, though: Buy ssh.com's ssh server. If you find that you're not getting your $0 worth out of OpenSSH, you're more than welcome to choose an alternate vendor.

In any case, this argument has no place on the FreeBSD security list; DES is working on getting Priv Separation working as we speak, and you'll be able to upgrade in a day or two. Please end this.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message