From owner-freebsd-security Tue Jun 25 2:10:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3])
    by hub.freebsd.org (Postfix) with ESMTP id EE09737B400
    for ; Tue, 25 Jun 2002 02:10:22 -0700 (PDT)
Received: from cvs.openbsd.org (deraadt@localhost [127.0.0.1])
    by cvs.openbsd.org (8.12.4/8.12.1) with ESMTP id g5P9B6LI025819;
    Tue, 25 Jun 2002 03:11:06 -0600 (MDT)
Message-Id: <200206250911.g5P9B6LI025819@cvs.openbsd.org>
To: Brian Nelson
Cc: Alfred Perlstein , FreeBSD Security
Subject: Re: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd)
In-reply-to: Your message of "Tue, 25 Jun 2002 01:12:23 PDT." <3D1825E7.4030201@notgod.com>
Date: Tue, 25 Jun 2002 03:11:06 -0600
From: Theo de Raadt
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Alfred Perlstein wrote:
> > *sigh*
> >
> > People don't get that what Theo is doing is very fair.
> >
> > He's giving everyone a chance to protect themselves, the only people
> > that are getting screwed are those that are too damn lazy to adapt
> > the 'priv' stuff to their OS.
> >
> > Quit your whining and submit patches to update your favorite version
> > of FreeBSD already!
> >
> > thanks,
> > -Alfred
>
> I think I personally don't disagree with Theo, but I am confused about
> the state of Privilege Separation for people not running
> (Open|NET)BSD... So it's a hard pill to swallow when the software is "a
> few days old". I am much more comfortable with a patched version coming
> from my vendor (in this case the FreeBSD core team) and firewalling my
> box until that is available....

The thing is not public yet. Then what is your worry?

You have three choices:

1) Accept that it is not public
2) Disable it.
3) Install a current freebsd patch of some sort, which has some privsep in it.

And furthermore you can

4) Track improvements to freebsd privsep support.

Piece of cake. No brainer.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message