Date: Tue, 25 Jun 2002 14:50:44 +1000
From: "Chris Knight" <chris@aims.com.au>
To: <deraadt@cvs.openbsd.org>
Cc: <freebsd-security@freebsd.org>
Subject: RE: Hogwash
Message-ID: <005b01c21c03$de2dd360$020aa8c0@aims.private>
In-Reply-To: <200206250424.g5P4O5LJ001600@cvs.openbsd.org>

Howdy,

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Theo de Raadt
> Sent: Tuesday, 25 June 2002 14:24
> To: Sean Kelly
> Cc: Ted Cabeen; Jacques A. Vidrine; freebsd-security@FreeBSD.ORG
> Subject: Re: Hogwash
>
>
> Some of you guys are saying you won't upgrade to privsep as in 3.3 or
> 3.3.1 from now until Monday, and you won't turn sshd off either. When
> come Monday you will have a real patch, and can sink back to your old
> code if you want to, without privsep. And you expect my sympathy, and
> a change in policy.
>
> Spoiled spoiled children. No candy for a week.
>

Stop being an idiot, Theo. People here have some very valid concerns.
There is no guarantee that an upgrade to privsep is going to help,
especially when the people expected to get privsep working have no idea
what the exploit is. privsep also has the clear disadvantage of not
having rigorous testing, unlike most of the openssh codebase.

Why don't you CLEARLY state which versions of openssh are going to be
vulnerable?

At this point in time you are clearly upsetting a lot of people, and
also making them unproductive. You have insight into an exploit that by
the sounds of it, only a handful of people on the planet have. Instead
of taking a professional approach and notifying the ssh user community
of which versions are vulnerable and a list of possible actions to take,
you are deciding to muddy the waters with little information and telling
everyone to upgrade or turn off sshd.

Grow up, and handle this issue in a professional manner.

Regards,
Chris Knight
Systems Administrator
AIMS Independent Computer Professionals
Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795
Web: http://www.aims.com.au

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message