Re: [ILUG] openssh vulnerability

From: Rick Moen (rick at domain linuxmafia.com)
Date: Tue 25 Jun 2002 - 03:16:50 IST

• Next message: Anders Holm: "RE: [ILUG] openssh vulnerability"
• Previous message: Paul Jakma: "Re: [ILUG] openssh vulnerability"
• In reply to: Paul Kelly: "Re: [ILUG] openssh vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Quoting Paul Kelly (longword at domain esatclear.ie):

> Maybe I'm reading it wrong, but to me that message reads like 'We don't
> care to fix this bug right now, go use PrivSep even though it doesn't
> work quite right yet'. And Theo wonders why people don't get on well
> with him...

Well, to the extent that PrivSep works, it means that any remote exploit
would have to break out of a non-root-authority process's chroot jail.
Which is better than nothing.

I have 3.3p1 running with "UsePrivilegeSeparation yes" on Linux since
this morning, and it seems to work so far.

• Next message: Anders Holm: "RE: [ILUG] openssh vulnerability"
• Previous message: Paul Jakma: "Re: [ILUG] openssh vulnerability"
• In reply to: Paul Kelly: "Re: [ILUG] openssh vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:29 GMT