From: Vincent Cunniffe (vincent at domain cunniffe.net)
Date: Tue 25 Jun 2002 - 11:29:48 IST
Quoting Anders Holm <anders.holm at domain elivefree.net>:
>
> As you yourself state it is a work around, not a solution. And yes, they
> also stated that there was problems with PrivSep. And by _not_ running it
> currently on a production machine, what problems do you keep open for
> exploitation? What other methods, apart from SSH, would you have that are
> secure to use? Those are very important questions, which should not be
> taken lightly by any sys admin with machines out in the wild.
It's not a work-around if you're running 2.2 kernels, as many people
still are. I'm running a pair of heavily modded RH 6.2 machines, with
upgraded kernels and all public services upgraded to latest.
Suddenly I'm being told that I have to re-install both servers because
of Theo de Raadt? Screw that. It's extremely irrespondible to insist on
a pet solution that screws things up permanently for a large number of
people.
Regards,
Vin
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:30 GMT