From owner-freebsd-security Mon Jan 3 11:41:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from camelot.netcom.net.uk (camelot.netcom.net.uk [194.42.225.1])
    by hub.freebsd.org (Postfix) with ESMTP id 78E8214E01
    for ; Mon, 3 Jan 2000 11:41:21 -0800 (PST)
    (envelope-from phil@hands.com)
Received: from fist.hands.com (dialup-06-24.netcomuk.co.uk [194.42.229.152])
    by camelot.netcom.net.uk (8.8.8/8.8.8) with SMTP id TAA15457
    for ; Mon, 3 Jan 2000 19:41:07 GMT
Received: (qmail 1786 invoked from network); 3 Jan 2000 20:16:21 -0000
Received: from sheikh-dmz.hands.com (HELO sheikh.hands.com) (qmailr@193.195.34.10)
    by fist.hands.com with SMTP; 3 Jan 2000 20:16:21 -0000
Received: (qmail 14999 invoked by uid 1000); 3 Jan 2000 19:41:27 -0000
To: Eivind Eklund
Cc: Damien Miller , Brian Fundakowski Feldman , security@FreeBSD.ORG, openssh-unix-dev@mindrot.org
Subject: Re: OpenSSH protocol 1.6 proposal
References: <20000103142050.B6173@bitbox.follo.net>
From: Philip Hands
Date: 03 Jan 2000 19:41:27 +0000
In-Reply-To: <20000103142050.B6173@bitbox.follo.net> (Eivind Eklund's message of "Mon, 3 Jan 2000 14:20:51 +0100")
Message-ID: <87d7rjkkns.fsf@sheikh.hands.com>
Lines: 25
User-Agent: T-gnus/6.13.3 (based on Pterodactyl Gnus v0.98)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Eivind Eklund writes:

...
> * a default of sending out agent forwarding
> * no way to change the default and still selectively forward
>
> The patches for the latter two problems are trivial; I'm including
> them below for completeness.

I've included this in the Debian packages of ssh and OpenSSH for some
time. I also disable X forwarding by default, since that allows
classic X attacks to be launched by untrustworthy remote systems.

These patches should be accepted upstream IMO.

As ever, my openssh stuff can be found here:

  http://www.hands.com/~phil/debian/openssh/openssh_1.2.1pre24-1.diff.gz

I think all changes except the debian/ directory itself should be
either useful or at worst harmless upstream.

Cheers, Phil.
-- 
Boycott Amazon! --- http://linuxtoday.com/stories/13652.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
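
The message above argues for agent and X11 forwarding being off by default and enabled selectively. The following check is an added example, not part of the original message or of the Debian or OpenSSH patches: it resolves the effective `ForwardAgent` and `ForwardX11` values for a host from client configuration text, using the first-value-wins rule of `ssh_config`. The host names, sample configuration and function names are constructed for illustration; `Match` and `Include` are not evaluated, and `fnmatch` accepts `[...]` patterns that ssh does not.

```python
import fnmatch

# Constructed sample: forwarding off by default, enabled only for named hosts.
SAMPLE_CONFIG = """\
Host build.trusted.example
    ForwardAgent yes
Host *.trusted.example
    ForwardX11 yes
Host *
    ForwardAgent no
    ForwardX11 no
"""
OPTIONS = ("forwardagent", "forwardx11")

def host_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective_forwarding(config_text, host, default="no"):
    """Resolve both options for host; the first value obtained for an option wins."""
    result, active = {}, True  # lines before any Host line apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "host":
            active = host_matches(parts[1].split(), host)
        elif active and key in OPTIONS and key not in result:
            result[key] = value
    # 'default' is the assumed built-in client default for options left unset.
    return {opt: result.get(opt, default) for opt in OPTIONS}

def unexpected_forwarding(config_text, hosts, trusted):
    """List (host, option) pairs where forwarding is on for a host not in trusted."""
    return [(h, opt) for h in hosts if h not in trusted
            for opt, val in effective_forwarding(config_text, h).items() if val != "no"]
```

Because the first obtained value wins, a `Host *` block that enables forwarding and appears before a host-specific block silently overrides the later `no`; the check reports that case.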