Date: Mon, 01 Jul 2002 21:08:35 -0600
From: Brett Glass <brett@lariat.org>
To: Garrett Wollman <wollman@lcs.mit.edu>, Dag-Erling Smorgrav <des@ofug.org>
Cc: security@FreeBSD.ORG
Subject: Re: security risk: ktrace(2) in FreeBSD prior to -current.
Message-ID: <4.3.2.7.2.20020701210508.0226bbb0@localhost>
In-Reply-To: <200207011850.g61IolTT078907@khavrinen.lcs.mit.edu>
References: <xzpelenim2p.fsf@flood.ping.uio.no> <200206301817.EAA05639@caligula.anu.edu.au> <xzp65zzk2ds.fsf@flood.ping.uio.no> <20020701135719.GA65770@palomine.net> <xzpelenim2p.fsf@flood.ping.uio.no>

Garrett,

I agree with you. I have wiped the base install from every machine I administer and built OpenSSH-portable 3.4 instead. I've also turned off ChallengeResponseAuthentication on many machines, as well as protocol version 2 on machines where it's not needed. (SSH 1.5 is *slightly* less secure against man-in-the-middle attacks than 2, but not enough to matter -- and all of the recent holes have been in SSH 2.)

--Brett

At 12:50 PM 7/1/2002, Garrett Wollman wrote:
>I don't care about the base-install ssh. Personally, I'd rather it
>didn't exist, and I think admins who install it need to have their
>heads checked. So there!
