Subject: Re: Workarounds for OpenSSH problems
From: Jan Lentfer
To: FreeBSD Security Maillinglist
Date: 25 Jun 2002 09:58:01 +0200
Message-Id: <1024991881.2078.27.camel@jan-linnb.lan>
In-Reply-To: <957C6FD8-8804-11D6-919D-0030654D97EC@patpro.net>

On Tue, 2002-06-25 at 08:27, patpro wrote:
> On Tuesday, June 25, 2002, at 08:02, Andrew McNaughton wrote:
>
> > I've installed it. It griped and wouldn't start without `mkdir
> > /var/empty`. Having added that, it's running, but it hasn't griped about
> > the lack of an 'sshd' user/group. I added them anyway. I don't see any
> > sign of an sshd process running as anything other than root though.
> > Compression is enabled when I connect, but I'm not sure that the privilege
> > separation is actually working.
>
> If you read the README.privsep in the source directory (found in
> /usr/ports/distfiles/openssh-3.3p1.tar.gz if you upgraded using ports) and
> follow the instruction.

[..]

On the 2 machines I updated to ssh-portable, sshd started without /var/empty existing. It didn't complain and seemed to be working. But as far as I understand right now, /var/empty is needed for chroot, right? So maybe it is running, but it's not running securely (coz not chrooted)?

Regards,
Jan
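
An added example, not part of the original message or of OpenSSH: a shell check for the privilege-separation prerequisites this thread discusses (the `/var/empty` chroot directory, the `sshd` user, and whether any sshd process runs as a non-root user). The function names, the owner-uid parameter and the pass criteria (root-owned, not group- or world-writable, empty directory; non-root user) are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names and pass criteria are illustrative assumptions.

# check_privsep_dir DIR [OWNER_UID]
# Returns 0 if DIR exists, is owned by OWNER_UID (default 0 = root),
# is not group- or world-writable, and contains no files.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    # ls -ldn prints "mode links uid gid ..." with numeric ids
    info=$(ls -ldn "$dir" | awk '{ print $1 ":" $3 }')
    mode=${info%%:*}
    uid=${info##*:}
    [ "$uid" = "$want_uid" ] || { echo "owner uid $uid, want $want_uid"; return 2; }
    case $mode in
        # character 6 is group write, character 9 is other write
        ?????w*|????????w*) echo "group/world-writable: $mode"; return 3 ;;
    esac
    [ -z "$(ls -A "$dir")" ] || { echo "not empty: $dir"; return 4; }
    return 0
}

# check_privsep_user NAME
# Returns 0 if NAME exists and is not uid 0.
check_privsep_user() {
    uid=$(id -u "$1" 2>/dev/null) || { echo "no such user: $1"; return 1; }
    [ "$uid" != 0 ] || { echo "$1 has uid 0"; return 2; }
    return 0
}

# unprivileged_sshd
# Reads "USER COMMAND..." lines on stdin and prints the sshd processes
# whose owner is not root.
unprivileged_sshd() {
    awk '$1 != "root" && $2 ~ /(^|\/)sshd:?$/ { print }'
}

# Usage on a live host:
#   check_privsep_dir /var/empty && check_privsep_user sshd
#   ps -A -o user= -o args= | unprivileged_sshd
```

With an authenticated session open, an empty result from `unprivileged_sshd` means every sshd process is still running as root.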