From owner-freebsd-security Mon Nov 2 05:24:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA09643 for freebsd-security-outgoing; Mon, 2 Nov 1998 05:24:39 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from kendra.ne.mediaone.net (kendra.ne.mediaone.net [24.128.94.182]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA09637 for ; Mon, 2 Nov 1998 05:24:37 -0800 (PST) (envelope-from software@kew.com) Received: from sonata.hh.kew.com (root@sonata-dmz.hh.kew.com [192.168.205.1]) by kendra.ne.mediaone.net (8.9.1/8.9.1) with ESMTP id IAA02254; Mon, 2 Nov 1998 08:24:31 -0500 (EST) Received: from kew.com (minerva.hh.kew.com [192.168.203.144]) by sonata.hh.kew.com (8.9.1/8.9.1) with ESMTP id IAA06077; Mon, 2 Nov 1998 08:24:30 -0500 (EST) Message-ID: <363DB28D.4A884162@kew.com> Date: Mon, 02 Nov 1998 08:24:29 -0500 From: Drew Derbyshire Organization: Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com) X-Mailer: Mozilla 4.5 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: dima@best.net CC: freebsd-security@FreeBSD.ORG Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) References: <199811020647.WAA25893@burka.rdy.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dima Ruban wrote: > Would you trust a packet that came from non-priviledged > port and which wants to do something that even remotely should be secure? I wouldn't trust it even if it did come from a privileged port simply on the basis of the port number. Trusted ports require trusted hosts, which the Net is in short supply of these days. -ahd- -- Drew Derbyshire UUPC/extended e-mail: software@kew.com Telephone: 617-279-9812 Build a system even a fool can use, and only a fool will want to use it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message