Date: Mon, 22 Jan 1996 14:47:44 -0700 From: Nate Williams <nate@sri.MT.net> To: Peter Wemm <peter@jhome.DIALix.COM> Cc: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>, security@freebsd.org Subject: Re: ssh /etc config files location.. Message-ID: <199601222147.OAA23067@rocky.sri.MT.net> In-Reply-To: <199601221821.CAA11303@jhome.DIALix.COM> References: <GDcVv0nyd6@ache.dialup.ru> <199601221821.CAA11303@jhome.DIALix.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Wemm writes: > BTW: ssh-1.2.12a is SERIOUSLY crippled. It is damaged in several ways > as part of the "emergency patch", and still not secure because it > installed /usr/local/bin/ssh setuid-root. It now creates files in > your home directory while running as root, causing potential new holes > and races. :-( For those of us who use ssh and don't keep on the security lists outside this one, can you explain what hold the 'emergency patch' is trying to fix, and if there is some way of working around it? Thanks! Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601222147.OAA23067>