Date: Thu, 25 Jan 2001 10:32:55 -0600
From: Ade Lovett <ade@FreeBSD.org>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
Message-ID: <20010125103255.A78404@FreeBSD.org>
In-Reply-To: <20010124230626.A49802@citusc17.usc.edu>; from kris@FreeBSD.ORG on Wed, Jan 24, 2001 at 11:06:26PM -0800
References: <NDBBJJFIKLHBJCFDIOKGEEKHCAAA.kupek@earthlink.net> <FDEEKLDJMPFBCBKOEEINCEIGCKAA.scott@link-net.com> <20010124230626.A49802@citusc17.usc.edu>

On Wed, Jan 24, 2001 at 11:06:26PM -0800, Kris Kennaway wrote:
> On Wed, Jan 24, 2001 at 07:09:32PM -0800, Scott Raymond wrote:
> > Oh, crap. That's EXACTLY what was happening.
> >
> > Looks like it's time for another compile. Duh.
>
> No, it's a configuration directive.

Of course, chucking this out:

    fatal: ConnectionsPerPeriod has been deprecated

and then aborting violates POLA. If it's been deprecated, just ignore it for a while, but don't stop functioning because of a "dead" directive.

Got bit this morning by that (our ssh/sshd configs are somewhat different from 'normal', and a later experiment with merge didn't remove the offending line, either). Thank heavens for serial consoles.

The approach here was not thought through at all, especially with:

    uxb 22# grep -i connectionsperperiod /usr/src/UPDATING
    uxb 23#

on a fully up-to-date RELENG_4 src/ tree.

I would ask, that in -STABLE at least, the fatal error be backed out to a warning, at least for a few months (with sshd ignoring the directive, and continuing to run), and then only move to a fatal error + die.

-aDe

--
Ade Lovett, Austin, TX. ade@FreeBSD.org
FreeBSD: The Power to Serve http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
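
The warn-and-continue handling requested in the message above, next to the abort-on-deprecated behaviour it objects to, as an added example that is not part of the original e-mail and is not OpenSSH's code. The keyword table, `parse_config` and its `strict` flag are hypothetical; only the `ConnectionsPerPeriod` directive comes from the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum { CFG_OK = 0, CFG_FATAL = -1 };
/* Hypothetical keyword table; only ConnectionsPerPeriod is from the message. */
static const struct { const char *name; int deprecated; } keywords[] = {
    { "Port", 0 }, { "PermitRootLogin", 0 }, { "ConnectionsPerPeriod", 1 },
};

/* Unknown keywords are always fatal. A deprecated keyword is fatal only when
 * strict != 0; otherwise it is warned about, counted in *warnings and skipped. */
int parse_config(const char *text, int strict, int *warnings)
{
    const char *p, *next;
    int lineno = 0;
    *warnings = 0;
    for (p = text; *p != '\0'; p = next) {
        size_t len = strcspn(p, "\n"), kwlen, i, n = sizeof(keywords) / sizeof(keywords[0]);
        const char *kw = p;
        next = p + len + (p[len] == '\n');
        lineno++;
        while (kw < p + len && isspace((unsigned char)*kw)) kw++;
        kwlen = strcspn(kw, " \t\r\n");
        if (kwlen == 0 || *kw == '#') continue;   /* blank line or comment */
        for (i = 0; i < n; i++)                   /* keywords match case-insensitively */
            if (strlen(keywords[i].name) == kwlen &&
                strncasecmp(kw, keywords[i].name, kwlen) == 0)
                break;
        if (i == n || (keywords[i].deprecated && strict)) {
            fprintf(stderr, "line %d: fatal: %s option %.*s\n", lineno,
                    i == n ? "unknown" : "deprecated", (int)kwlen, kw);
            return CFG_FATAL;                     /* daemon would refuse to start */
        }
        if (keywords[i].deprecated) {
            fprintf(stderr, "line %d: warning: deprecated option %.*s ignored\n", lineno, (int)kwlen, kw);
            (*warnings)++;
        }
        /* an active keyword's value would be applied here */
    }
    return CFG_OK;
}

int main(void)
{
    /* Constructed sample input. */
    int w, rc = parse_config("Port 22\nConnectionsPerPeriod 5/10\n", 0, &w);
    printf("rc=%d warnings=%d\n", rc, w);
    return rc == CFG_OK ? 0 : 1;
}
```
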