From owner-freebsd-security Mon Nov 15 15:16:12 1999 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id A861C1519B; Mon, 15 Nov 1999 15:16:10 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 91FEF1CD43D; Mon, 15 Nov 1999 15:16:10 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Mon, 15 Nov 1999 15:16:10 -0800 (PST) From: Kris Kennaway To: John Hay Cc: Brian Fundakowski Feldman , freebsd-security@FreeBSD.ORG Subject: Re: ssh-1.2.27 remote buffer overflow - work around ?? In-Reply-To: <199911150602.IAA13567@zibbi.mikom.csir.co.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 15 Nov 1999, John Hay wrote: > > reason. I can't condone this technically illegal action. The better > > question is why aren't you using OpenSSH? > > Well, is there a way of not using rsh to fetch it? Our firewall don't > allow incoming tcp connections and rsh needs one. Ahh yes, remote cvs uses rsh :-( Short of using the real SSH to fetch openSSH (which won't be useful if you're trying to fetch openssh because you can't legally use SSH in your situation in the first place) I can't think of another way to get it via CVS. Perhaps we'll have to fall back to tarring up the source on a non-US ftp server..this is probably a problem for a lot of people :-( Kris ---- Cthulhu for President! For when you're tired of choosing the _lesser_ of two evils.. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message