From: Matthew Dillon
Date: Wed, 17 Sep 2003 12:36:02 -0700 (PDT)
Message-Id: <200309171936.h8HJa2K5012289@apollo.backplane.com>
To: Chuck Swiger
cc: security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh

:[ ... ]
: >> On FreeBSD 5.0 and later, wouldn't it be both simpler and safer to
: >> recommend
: >> # /etc/rc.d/sshd restart
: >> instead?
:
:This can be dangerous if you are ssh'ed in, and the restart kills your
:connection rather than the daemon.

    All the restart target does is basically kill the pid using the pid
    file and then restart the daemon, so it is no more dangerous than the
    below.

                                        -Matt
                                        Matthew Dillon

: > Then there would be two sets of instructions, which sucks.
: >
: > I think we'll just not do it quite completely and go with
: >
: > # kill `cat /var/run/sshd.pid`
: > # /usr/sbin/sshd
:
:This is good.
:
:--
:-Chuck
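
The sequence discussed in this message (read the pid file, signal that pid, start the daemon again), written out with the checks an administrator would want around it. This is an added example, not code from the thread or from FreeBSD's rc.d scripts; `restart_by_pidfile`, passing the commands as strings, and the `sshd -t` configuration pre-check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; restart_by_pidfile is a hypothetical helper.
# Usage: restart_by_pidfile PIDFILE PRECHECK_CMD START_CMD
# For sshd, with the paths from the thread (the "-t" pre-check is an addition):
#   restart_by_pidfile /var/run/sshd.pid '/usr/sbin/sshd -t' /usr/sbin/sshd

restart_by_pidfile() {
    pidfile=$1 precheck=$2 start=$3

    # Do not stop the running daemon if its replacement would fail to start.
    if ! sh -c "$precheck" >/dev/null 2>&1; then
        echo "pre-check failed; daemon left running" >&2
        return 2
    fi

    # The pid file must hold one purely numeric pid greater than 1, so a
    # damaged file never becomes "kill 0" (whole process group) or worse.
    pid=
    if [ -r "$pidfile" ]; then
        read -r pid < "$pidfile" || true
    fi
    case $pid in
        '' | *[!0-9]*)
            echo "no usable pid in $pidfile" >&2
            return 3
            ;;
    esac
    [ "$pid" -gt 1 ] || { echo "refusing pid $pid" >&2; return 3; }

    # Signal only the pid named in the file, then wait for it to exit
    # before starting the new daemon.
    if kill -0 "$pid" 2>/dev/null; then
        kill "$pid" || return 4
        tries=0
        while kill -0 "$pid" 2>/dev/null; do
            tries=$((tries + 1))
            if [ "$tries" -gt 5 ]; then
                echo "pid $pid still running" >&2
                return 5
            fi
            sleep 1
        done
    fi

    sh -c "$start"
}
```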