From owner-freebsd-security Tue Jun 25 1:57:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3]) by hub.freebsd.org (Postfix) with ESMTP id 7E0EA37B40C; Tue, 25 Jun 2002 01:57:20 -0700 (PDT)
Received: from cvs.openbsd.org (deraadt@localhost [127.0.0.1]) by cvs.openbsd.org (8.12.4/8.12.1) with ESMTP id g5P8w4LJ012623; Tue, 25 Jun 2002 02:58:04 -0600 (MDT)
Message-Id: <200206250858.g5P8w4LJ012623@cvs.openbsd.org>
To: Jarkko Santala
Cc: Sean Kelly, Ted Cabeen, "Jacques A. Vidrine", freebsd-security@FreeBSD.ORG
Subject: Re: Hogwash
In-reply-to: Your message of "Tue, 25 Jun 2002 08:48:53 +0300." <20020625084249.M12462-100000@trillian.santala.org>
Date: Tue, 25 Jun 2002 02:58:04 -0600
From: Theo de Raadt
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

> On Mon, 24 Jun 2002, Theo de Raadt wrote:
>
> > By holding this information back for a few more days, we are
> > permitting a very important protocol to be upgraded in an immune way,
> > OR YOU CAN TURN IT OFF NOW.
>
> You have mentioned this "turn it off" solution more than twice. Is this
> your official answer to any exploits in OpenSSH? Can I quote you on this?
>
> How do you figure this works for commercial companies that need secsh
> connections for business critical needs up and running 24x7?
>
> -jake
>
> --
> Jarkko Santala http://www.iki.fi/~jake/
> System Administrator 2001:670:83:f08::/64