Date: Tue, 25 Jun 2002 23:41:03 -0400 From: Lord Raiden <raiden23@netzero.net> To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>, Christopher Schulte <schulte+freebsd@nospam.schulte.org>, Marco Radzinschi <marco@radzinschi.com>, FreeBDS-Questions <freebsd-questions@freebsd.org> Subject: Re: Upcoming OpenSSH vulnerability (fwd) Message-ID: <4.2.0.58.20020625234040.009bd450@pop.netzero.net> In-Reply-To: <5.1.1.6.2.20020625124040.041c50f0@pop3s.schulte.org> References: <4.2.0.58.20020625134233.009992b0@pop.netzero.net> <5.1.1.6.2.20020624224948.02923518@pop3s.schulte.org> <20020624234646.G22328-100000@mail.radzinschi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok, one last silly question. Is the current 3.3 in the ports? If
it is I'll have to CVsup to get it.
At 12:45 PM 6/25/02 -0500, Christopher Schulte wrote:
>At 01:43 PM 6/25/2002 -0400, Lord Raiden wrote:
>> Ok, well we're still running OpenSSH 3.1 from the last security
>> upgrade recommendation. Should we go straight to 3.3 or wait for the
>> final fix?
>
>I believe the idea is to offer an upgrade to 3.3 now with privsep enabled
>( 'UsePrivilegeSeparation yes' in sshd_config ) and be immune to the bug,
>then update to 3.3.1 (3.4?) when the full disclosure happens early next week.
>
>> Secondly how do you enable this priv separation thing in the
>> config file? I'm unfamiliar with that.
>
>See above.
>
>--
>Christopher Schulte
>http://www.schulte.org/
>Do not un-munge my @nospam.schulte.org
>email address. This address is valid.
>
- The Raiden Knows
"Remember amateurs built the ark -- professionals built the Titanic." -
Unknown
"Just when you think you have life figured out and all is going well, watch
your step, for you are about to fall." - Ancient Proverb
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.20020625234040.009bd450>