From owner-freebsd-security Sat Jun 29 17:25:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F2B337B401; Sat, 29 Jun 2002 17:25:16 -0700 (PDT) Received: from sage-one.net (adsl-65-71-135-137.dsl.crchtx.swbell.net [65.71.135.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CF5A43E06; Sat, 29 Jun 2002 17:25:15 -0700 (PDT) (envelope-from jackstone@sage-one.net) Received: from sagea (sagea [192.168.0.3]) by sage-one.net (8.11.6/8.11.6) with SMTP id g5U0P9595864; Sat, 29 Jun 2002 19:25:09 -0500 (CDT) (envelope-from jackstone@sage-one.net) Message-Id: <3.0.5.32.20020629192508.0117cc50@mail.sage-one.net> X-Sender: jackstone@mail.sage-one.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 29 Jun 2002 19:25:08 -0500 To: Scott Robbins From: "Jack L. Stone" Subject: Re: Sshd fix Cc: FreeBSD user , Scott Gerhardt , FreeBSD , freebsd-security@FreeBSD.ORG In-Reply-To: <20020630004754.GA2600@scott1.homeunix.net> References: <3.0.5.32.20020629173550.0117cc50@mail.sage-one.net> <3.0.5.32.20020629173550.0117cc50@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 07:47 PM 6.29.2002 -0500, Scott Robbins wrote: >On Sat, Jun 29, 2002 at 05:35:50PM -0500, Jack L. Stone wrote: >> At 07:07 PM 6.28.2002 -0600, FreeBSD user wrote: >> >cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE >> install distclean >> > >> I just ran this on a test box and the sshd version shows no change... I saw >> it compile and install, but #sshd -V gives old version #... >> >> What did I do wrong here...?? > >BTW after the other Scott's post, I tried it his way--leaving out >sshd_enable and sshd_program. Worked quite well--also, one reason I >haven't done the overwrite option--as Jonathan said, won't that get >clobbered next time you do make world? > >Interestingly enough, pkg-message suggests doing this--leaving >sshd_enable at YES, adding sshd_program and then editing the path, (I >assume root's) so that /usr/local/sbin comes before /usr/sbin. >However, I've found the lazy man's way, which seems to be efficient as >well, to be a combination of Jonathan's and the other Scott's. > >I realize this is not exactly what Jack is asking, but I'm wondering >too--if one does the OVERWRITE, won't it get clobbered upon the next >make world? > >Thanks >Scott Robbins >> This is what worries me too. I deinstalled the ssh port right afterwards, but I'm wondering what else is changed. I noticed it updated the openssl-0.9.6a to 0.9.6d that I didn't expect. The /var/db/pkg shows that "d" version installed. I'm running SSL on that machine and it still says 0.9.6.a when I load Apache_modssl and OpenSSH, etc. But, NOW, I'm really worried that I shot myself in the foot and this is waiting to bite me later. If anyone knows the answer to what Scott said about the next make world clobbering things, please let me know.... Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net jackstone@sage-one.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message