From owner-freebsd-questions  Tue Jun 25 20:33:32 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from dragoncrest.jasnetworks.net (dragoncrest.jasnetworks.net [65.194.254.12])
	by hub.freebsd.org (Postfix) with ESMTP id CA73A37B401
	for <freebsd-questions@freebsd.org>; Tue, 25 Jun 2002 20:33:27 -0700 (PDT)
Received: from works (works.jasnetworks.net [192.168.0.2])
	by dragoncrest.jasnetworks.net (8.12.3/8.11.6) with ESMTP id g5Q3jCgh095446;
	Tue, 25 Jun 2002 23:45:12 -0400 (EDT)
	(envelope-from raiden23@netzero.net)
Message-Id: <4.2.0.58.20020625234040.009bd450@pop.netzero.net>
X-Sender: raiden23@pop.netzero.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Tue, 25 Jun 2002 23:41:03 -0400
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Marco Radzinschi <marco@radzinschi.com>,
	FreeBDS-Questions <freebsd-questions@freebsd.org>
From: Lord Raiden <raiden23@netzero.net>
Subject: Re: Upcoming OpenSSH vulnerability (fwd)
In-Reply-To: <5.1.1.6.2.20020625124040.041c50f0@pop3s.schulte.org>
References: <4.2.0.58.20020625134233.009992b0@pop.netzero.net>
 <5.1.1.6.2.20020624224948.02923518@pop3s.schulte.org>
 <20020624234646.G22328-100000@mail.radzinschi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

         Ok, one last silly question.  Is the current 3.3 in the ports?  If 
it is I'll have to CVsup to get it.

At 12:45 PM 6/25/02 -0500, Christopher Schulte wrote:
>At 01:43 PM 6/25/2002 -0400, Lord Raiden wrote:
>>         Ok, well we're still running OpenSSH 3.1 from the last security 
>> upgrade recommendation.  Should we go straight to 3.3 or wait for the 
>> final fix?
>
>I believe the idea is to offer an upgrade to 3.3 now with privsep enabled 
>( 'UsePrivilegeSeparation yes' in sshd_config ) and be immune to the bug, 
>then update to 3.3.1 (3.4?) when the full disclosure happens early next week.
>
>>         Secondly how do you enable this priv separation thing in the 
>> config file?  I'm unfamiliar with that.
>
>See above.
>
>--
>Christopher Schulte
>http://www.schulte.org/
>Do not un-munge my @nospam.schulte.org
>email address.  This address is valid.
>


- The Raiden Knows

"Remember amateurs built the ark  -- professionals built the Titanic." - 
Unknown

"Just when you think you have life figured out and all is going well, watch 
your step, for you are about to fall." - Ancient Proverb

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message