Date: Mon, 24 Jun 2002 16:38:17 -0700 (PDT) From: Brian Behlendorf <brian@hyperreal.org> To: "Dalin S. Owen" <dowen@nexusxi.com> Cc: Jason DiCioccio <geniusj+categories.replies@bluenugget.net>, <freebsd-security@freebsd.org> Subject: Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd) Message-ID: <20020624163538.H10398-100000@yez.hyperreal.org> In-Reply-To: <20020624162040.A280@nexusxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Jun 2002, Dalin S. Owen wrote: > FreeBSD's OpenSSH is too old, it doesn't have PrivSep.. :( So firewall > your port 22 guys. :) I upgraded to openssh-portable 3.3p1 from ports; note that this morning the port was updated to build openssl 0.9.6d as well, rather than use FreeBSD's openssl libs. I also had to enable privsep; this requires creating an sshd user & group, and creating an empty /var/empty/ for the priv separator to chroot to. Hopefully the openssh-portable port can be updated to create that account & dir at some point, since privsep is on now be default. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020624163538.H10398-100000>