Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jun 2002 03:11:06 -0600
From:      Theo de Raadt <deraadt@cvs.openbsd.org>
To:        Brian Nelson <notgod@notgod.com>
Cc:        Alfred Perlstein <bright@mu.org>, FreeBSD Security <security@FreeBSD.ORG>
Subject:   Re: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulner ability (fwd) 
Message-ID:  <200206250911.g5P9B6LI025819@cvs.openbsd.org>
In-Reply-To: Your message of "Tue, 25 Jun 2002 01:12:23 PDT." <3D1825E7.4030201@notgod.com> 

next in thread | previous in thread | raw e-mail | index | archive | help
> Alfred Perlstein wrote:
> > *sigh*
> > 
> > People don't get that what Theo is doing is very fair.
> > 
> > He's giving everyone a chance to protect themselves, the only people
> > that are getting screwed are those that are too damn lazy to adapt
> > the 'priv' stuff to their OS.
> > 
> > Quit your whining and submit patches to update your favorite version
> > of FreeBSD already! 
> > 
> > thanks,
> > -Alfred
> 
> I think I personally don't disagree with Theo, but I am confused about 
> the state of Privelage Seperation for people not running 
> (Open|NET)BSD...  So it's a hard pill to swallow when the software is "a 
> few days old".  I am much more comfortable with a patched version coming 
> from my vendor (in this case the FreeBSD core team) and firewalling my 
> box until that is available....

The thing is not public yet.  Then what is your worry?  You have three
choices:

	1) Accept that it is not public

	2) Disable it.

	3) Install a current freebsd patch of some sort, which has some
	   privesep in it.

And further more you can 

	4) Track improvements to freebsd privsep support.

Piece of cake.  No brainer.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206250911.g5P9B6LI025819>