Date: Mon, 2 Nov 1998 09:09:18 -0500 (EST) From: mike@seidata.com To: freebsd-security@FreeBSD.ORG Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) Message-ID: <Pine.BSF.4.05.9811020901240.7807-100000@ns1.seidata.com> In-Reply-To: <Pine.BSF.4.02.9811020233260.17054-100000@sasami.jurai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2 Nov 1998, Matthew N. Dodd wrote: > > Let me ask you this. Would you trust a packet that came from > > non-priviledged port and which wants to do something that even > > remotely should be secure? [snip] > The concept of 'secure port' is somewhat dated in this age of NT and Linux > lusers. [snip] Question: How did a discussion that was meant to logically determine the (un)importance of potential ssh vulnerabilities degrade into a childish "Linux is for lusers" (I guess I should respect the opinion of one who can't spell) argument which is currently doing little more than stating what we all (at least should) already know? While this thread grows, consumes more and more bandwidth, and gets more off-topic, who's actually working on this problem and attempting to resolve it? JKH's posts are the only one's I've seen that are level headed - let's not go off on tangents and make speculations that in no way help our cause. There's work to be done. My (and hopefully the list's) repsect to the individual(s) who actually comes up with proof-of-concept exploit code (to either prove or disprove ssh claims). Sorry if this is a little terse - but I don't see how having a mailbox full of "Did you hear this? and this... and this..." type messages is going to help our situation. Let's fix it or shutup. Later, -mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9811020901240.7807-100000>