Date: Mon, 29 Jan 2001 09:57:53 +0000 From: Rasputin <rasputin@FreeBSD-uk.eu.org> To: freebsd-security@freebsd.org Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch) Message-ID: <20010129095752.A37233@dogma.freebsd-uk.eu.org> In-Reply-To: <200101262153.f0QLrLL40016@earth.backplane.com>; from dillon@earth.backplane.com on Fri, Jan 26, 2001 at 01:53:21PM -0800 References: <NDBBJJFIKLHBJCFDIOKGEEKHCAAA.kupek@earthlink.net> <FDEEKLDJMPFBCBKOEEINCEIGCKAA.scott@link-net.com> <20010124230626.A49802@citusc17.usc.edu> <20010125103255.A78404@FreeBSD.org> <200101262153.f0QLrLL40016@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Matt Dillon <dillon@earth.backplane.com> [010126 21:55]: > :I would ask, that in -STABLE at least, the fatal error be backed > :out to a warning, at least for a few months (with sshd ignoring the > :directive, and continuing to run), and then only move to a fatal > :error + die. > : > :-aDe > > I second this request. It also happened when pam.conf/ssh changed. > Only the serial console saved me from a car trip to one of my > colocated machines. Two such changes in a row for ssh is too much. > > -Matt In general I'd agree with Matt and aDe, but if a directive affecting security has changed, I'd say it's better to be notified of it as soon as possible. Killing off sshd obviously makes remote admin a real problem, though; is there another way to guarantee we'd notice ? -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010129095752.A37233>