From: patpro
To: freebsd-security@freebsd.org
Date: Thu, 1 Aug 2002 08:55:44 +0200
Subject: Re: About the openssl hole
In-Reply-To: <3D47402F.83B37CBA@pantherdragon.org>

Hi,

I currently have a FreeBSD server and provide services like apache/ssl, pop/ssl, smtp/ssl... I don't have physical access to the box.

If I just:
- update openSSL port
- recompile every port that uses openSSL (openSSH, Apache+mod_ssl, ...)

will I be safe from remote attack?

Is the make-world compulsory to guarantee security from outside the box, or is it just the way to guarantee the security from both inside and outside? I'm not paranoid about local exploit, only 2 people have a shell on the box and they also have the root passwd (my partners).
A remote make-world is not a manipulation I would be happy to do :/

thanks,
patpro