From owner-freebsd-security@FreeBSD.ORG  Wed Sep 17 11:42:33 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D3B0C16A4B3
	for <security@FreeBSD.org>; Wed, 17 Sep 2003 11:42:33 -0700 (PDT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0186743FBF
	for <security@FreeBSD.org>; Wed, 17 Sep 2003 11:42:33 -0700 (PDT)
	(envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK))
	by gw.celabo.org (Postfix) with ESMTP
	id 908D25482B; Wed, 17 Sep 2003 13:42:32 -0500 (CDT)
Received: by madman.celabo.org (Postfix, from userid 1001)
	id 2B3DA6D454; Wed, 17 Sep 2003 13:42:32 -0500 (CDT)
Date: Wed, 17 Sep 2003 13:42:32 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Jonathan Lennox <lennox@cs.columbia.edu>
Message-ID: <20030917184232.GE6137@madman.celabo.org>
References: <200309161817.h8GIH1GL072348@freefall.freebsd.org>
	<5.0.2.1.1.20030916225106.02e09dc0@popserver.sfu.ca>
	<1063807011.15698.3.camel@gentoo1.enic.cc>
	<20030917140107.GD91843@madman.celabo.org>
	<16232.43602.97364.411009@cnr.cs.columbia.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <16232.43602.97364.411009@cnr.cs.columbia.edu>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.4i-ja.1
cc: Mark Foster <mark@foster.cc>
cc: security@FreeBSD.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Sep 2003 18:42:33 -0000

On Wed, Sep 17, 2003 at 02:39:14PM -0400, Jonathan Lennox wrote:
> Jacques A. Vidrine writes:
> > On Wed, Sep 17, 2003 at 06:56:51AM -0700, Mark Foster wrote:
> > > Also, the command as shown doesn't work under csh, you must run under sh
> 
> > Good point.  I've always assumed use of the real shell :-) for
> > security advisories, but that is not a good assumption, particularly
> > since by default the root user has csh.
> 
> On FreeBSD 5.0 and later, wouldn't it be both simpler and safer to
> recommend
> # /etc/rc.d/sshd restart
> instead?

Then there would be two sets of instructions, which sucks.

I think we'll just not do it quite completely and go with

    # kill `cat /var/run/sshd.pid`
    # /usr/sbin/sshd

-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se