From owner-freebsd-security Sun Nov 1 20:54:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA03787 for freebsd-security-outgoing; Sun, 1 Nov 1998 20:54:23 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA03777 for ; Sun, 1 Nov 1998 20:54:20 -0800 (PST) (envelope-from jkb@shell6.ba.best.com) Received: (from jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id UAA06801; Sun, 1 Nov 1998 20:54:04 -0800 (PST) Message-ID: <19981101205404.A6579@best.com> Date: Sun, 1 Nov 1998 20:54:04 -0800 From: "Jan B. Koum " To: Paul Hart Cc: Peter Jeremy , freebsd-security@FreeBSD.ORG, winter@jurai.net Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) References: <19981101192724.A26335@best.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Paul Hart on Sun, Nov 01, 1998 at 09:29:32PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Nov 01, 1998 at 09:29:32PM -0700, Paul Hart wrote: > On Sun, 1 Nov 1998, Jan B. Koum wrote: > > > Which is why when you install ssh, you can run ./configure with > > "--disable-suid-ssh" argument. > > Which is a good thing, except for this time where the alleged hole appears > to be in sshd, a problem a non-SUID ssh won't help. > > Paul Hart > > -- > Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. > hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ > Uhm.. I know that. I was replying to the message which talked about possible buffer overflow problems with ssh client. :) -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message