Message-ID: <199910041442290320.2386AC1A@quaggy.ursine.com>
In-Reply-To: <05b301bf0e8b$e5ca32e0$1e80000a@avantgo.com>
References: <199909291352.GAA31310@cwsys.cwsent.com> <199909300401.WAA08495@harmony.village.org> <199910020846310710.17F35F81@quaggy.ursine.com> <05b301bf0e8b$e5ca32e0$1e80000a@avantgo.com>
Date: Mon, 04 Oct 1999 14:42:29 -0700
From: "Michael Bryan"
To: freebsd-security@FreeBSD.ORG
Subject: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

>> This still allows /dev/log -> /var/run/log to work, but prevents
>> abuse in cases of poor code like in ssh.
>
>Why not just fix the problem? We can add code via the patches in the ssh
>port, which will later work its way back into ssh.

Fixing ssh makes sense, but modifying the kernel behaviour also makes
sense, as it prevents abuse for any other programs that have the same
coding error. Other OS's are already implementing this type of check
in the kernel.

If there is needed functionality which is lost by such a kernel mod,
then it would be less desirable, of course.

Michael Bryan
fbsd-security@ursine.com