From owner-freebsd-security  Tue Jun 25 11:14:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lucubration.notgod.com (node-216-136-154-51.networks.paypal.com [216.136.154.51])
	by hub.freebsd.org (Postfix) with SMTP id 2FBAD37B426
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 11:14:14 -0700 (PDT)
Received: (qmail 11416 invoked from network); 25 Jun 2002 18:14:33 -0000
Received: from unknown (HELO notgod.com) (64.168.159.218)
  by node-216-136-154-51.networks.paypal.com with SMTP; 25 Jun 2002 18:14:31 -0000
Message-ID: <3D18B2D9.6030203@notgod.com>
Date: Tue, 25 Jun 2002 11:13:45 -0700
From: Brian Nelson <notgod@notgod.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020606
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Niels Provos <provos@citi.umich.edu>
Cc: Brian Nelson <notgod@notgod.com>,
	FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH vu
 lner ability (fwd)
References: <20020625103648.GG15772@citi.citi.umich.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Level: 
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Niels Provos wrote:
> Privilege Separation has been committed to OpenSSH in the middle of
> March this year.  It is not just a few days old.

--- QUOTING THEO ---
OpenSSH 3.3p was released a few days ago, with various improvements
but in particular, it significantly improves the Linux and Solaris
support for priv sep.  However, it is not yet perfect.  Compression is
disabled on some systems, and the many varieties of PAM are causing
major headaches.
--- END QUOTING THEO ---

That would make this release "a few days old"... and has platform 
support issues, according to this announcement.  I have heard no 
official response form FreeBSD about the stability/ability to privsep on 
FreeBSD from anyone I remotely trust.

So far, against all odds, Brett Glass has had the most stable, 
unemotional, and responsible response to this whole issue...  everyone 
else likes to yell at you when you don't trust whatever they say because 
they are "big head figures" or suffering from "Young Geek Ego(tm)".


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message