From: Chuck Swiger
Date: Wed, 17 Sep 2003 15:55:51 -0400
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
cc: security@freebsd.org

Matthew Dillon wrote:
[ ... ]
> :This can be dangerous if you are ssh'ed in, and the restart kills your
> :connection rather than the daemon.
>
> All the restart target does is basically kill the pid using the pid file
> and then restart the daemon, so it is no more dangerous than the below.

It's good that the FreeBSD script does not use 'killall' (for instance), but not
every SysV sshd script is as sensible. Of course, if you argued that a NG sshd
RC script might involve dependencies which affected other processes, you'd have
a point. :-)

--
-Chuck
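The contrast drawn in this message, signalling only the pid recorded in a pid file instead of matching by name as `killall` does, shown as an added shell example (not part of the original message and not the FreeBSD rc script). The function names `proc_name`, `pidfile_target` and `stop_by_pidfile` are hypothetical, and the check that the pid still belongs to the expected program goes beyond what the thread describes.

```shell
#!/bin/sh
# Added example: stop a daemon by pid file, never by process name.
# Run as root or as the daemon's owner so that `kill -0` can see the process.

# proc_name PID: print the command name of PID (Linux procfs first, ps otherwise).
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -o comm= -p "$1"
    fi
}

# pidfile_target PIDFILE EXPECTED_NAME
# Prints the pid when PIDFILE holds one numeric pid whose live process is
# EXPECTED_NAME. Returns 1 unreadable file, 2 malformed content,
# 3 stale pid, 4 pid now belongs to a different program.
pidfile_target() {
    pidfile=$1
    expected=$2
    [ -r "$pidfile" ] || return 1
    read -r pid _rest < "$pidfile" || [ -n "$pid" ] || return 2
    case $pid in
        ''|*[!0-9]*) return 2 ;;          # refuse anything but digits
    esac
    kill -0 "$pid" 2>/dev/null || return 3
    name=$(proc_name "$pid" 2>/dev/null) || return 3
    name=${name##*/}                      # some ps variants print a full path
    [ "$name" = "$expected" ] || return 4
    printf '%s\n' "$pid"
}

# stop_by_pidfile PIDFILE EXPECTED_NAME
# Sends SIGTERM to exactly one process. Other processes with the same name
# (for sshd: the per-connection children serving logged-in users) are untouched.
stop_by_pidfile() {
    target=$(pidfile_target "$1" "$2") || return $?
    kill -TERM "$target"
}
```

A name-based kill would also hit every other process called `sshd`, including the child serving the administrator's own session, which is the failure mode the quoted text warns about.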