Date:      Mon, 29 Jan 2001 09:57:53 +0000
From:      Rasputin <rasputin@FreeBSD-uk.eu.org>
To:        freebsd-security@freebsd.org
Subject:   Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
Message-ID:  <20010129095752.A37233@dogma.freebsd-uk.eu.org>
In-Reply-To: <200101262153.f0QLrLL40016@earth.backplane.com>; from dillon@earth.backplane.com on Fri, Jan 26, 2001 at 01:53:21PM -0800
References:  <NDBBJJFIKLHBJCFDIOKGEEKHCAAA.kupek@earthlink.net> <FDEEKLDJMPFBCBKOEEINCEIGCKAA.scott@link-net.com> <20010124230626.A49802@citusc17.usc.edu> <20010125103255.A78404@FreeBSD.org> <200101262153.f0QLrLL40016@earth.backplane.com>

* Matt Dillon <dillon@earth.backplane.com> [010126 21:55]:
> :I would ask, that in -STABLE at least, the fatal error be backed
> :out to a warning, at least for a few months (with sshd ignoring the
> :directive, and continuing to run), and then only move to a fatal
> :error + die.
> :
> :-aDe
> 
>     I second this request.  It also happened when pam.conf/ssh changed.
>     Only the serial console saved me from a car trip to one of my
>     colocated machines.  Two such changes in a row for ssh is too much.
> 
> 						-Matt

In general I'd agree with Matt and aDe, but if a directive
affecting security has changed, I'd say it's better to be notified of it 
as soon as possible. 
Killing off sshd obviously makes remote admin a real problem, though;
is there another way to guarantee we'd notice?
 
-- 
Rasputin 
Jack of All Trades :: Master of Nuns

