LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] openssh vulnerability

[ILUG] openssh vulnerability

Anders Holm anders.holm at elivefree.net
Tue Jun 25 12:00:41 IST 2002 

[snip]
>
> It's not a work-around if you're running 2.2 kernels, as many people
> still are. I'm running a pair of heavily modded RH 6.2 machines, with
> upgraded kernels and all public services upgraded to latest.

Apparently John Madden was successful in this. Maybe one would ask him how
he did this? Might even be worth the effort, who knows?

> Suddenly I'm being told that I have to re-install both servers because
> of Theo de Raadt? Screw that. It's extremely irrespondible to insist on
> a pet solution that screws things up permanently for a large number of
> people.

No one said you'd have to re-install, did they, or did I miss something
along the way? That's your choice, you're the admin. No one insisted on it,
but rather gave a recommendation for a work around. And please, enlighten me
how it would screw things up for you. How exactly have you then "modded"
your _old_ RH 6.2 boxes? Maybe that is where your _real_ problem lies??
Maybe someone here would have a fix for your particular problem. After all,
isn't that why this list exists?

And for being irresponsible in giving a recommendation, wouldn't you rather
know about it than be "in the dark"?? To me, hearing this type of argument
from a sysadmin makes me wonder a bit. Are you not rather happier knowing
that there may be a problem, rather than having to find it out the hard way?
Isn't it beneficial in some way at all to know that your systems _may_ get
compromised by this vulnerability?

At this point, I think I've stated all of my argumentation on this subject.
I wouldn't be surprised at all if I get to hear this type of argumentation a
bit more. In any case, no one has forced any one to make any changes or
re-installs. This is all up to the responsible sysadmin to take care of and
plan for. And don't tell me that you'd have no planning ahead for possible
security vulnerabilities, then you're even worse than the people you are
flaming, since you then don't take the proper responsibility you should.

I've now dished out my share of flaming on this. I'd rather spend my time,
and the lists resources in trying to see what happens and if I could do
anything to help. The fact remains, there is a _possible_ vulnerability in
OpenSSH. Why not try to help fixing it instead of flaming the people who let
you know about it? In that way we'd all benefit. Who benefits by this?



> Regards,
>
> Vin
>
>
> --
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription
> information.
> List maintainer: listmaster at linux.ie
>

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell