From owner-freebsd-security  Tue Jun 25  1:18:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lucubration.notgod.com (node-216-136-154-51.networks.paypal.com [216.136.154.51])
	by hub.freebsd.org (Postfix) with SMTP id B0FD537B427
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 01:12:49 -0700 (PDT)
Received: (qmail 99184 invoked from network); 25 Jun 2002 08:13:09 -0000
Received: from unknown (HELO notgod.com) (64.168.159.218)
  by node-216-136-154-51.networks.paypal.com with SMTP; 25 Jun 2002 08:13:07 -0000
Message-ID: <3D1825E7.4030201@notgod.com>
Date: Tue, 25 Jun 2002 01:12:23 -0700
From: Brian Nelson <notgod@notgod.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020606
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Alfred Perlstein <bright@mu.org>
Cc: Theo de Raadt <deraadt@cvs.openbsd.org>,
	FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulner
 ability (fwd)
References: <20020625074744.GK53232@elvis.mu.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Level: 
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Alfred Perlstein wrote:
> *sigh*
> 
> People don't get that what Theo is doing is very fair.
> 
> He's giving everyone a chance to protect themselves, the only people
> that are getting screwed are those that are too damn lazy to adapt
> the 'priv' stuff to their OS.
> 
> Quit your whining and submit patches to update your favorite version
> of FreeBSD already! 
> 
> thanks,
> -Alfred

I think I personally don't disagree with Theo, but I am confused about 
the state of Privelage Seperation for people not running 
(Open|NET)BSD...  So it's a hard pill to swallow when the software is "a 
few days old".  I am much more comfortable with a patched version coming 
from my vendor (in this case the FreeBSD core team) and firewalling my 
box until that is available....



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message