From owner-freebsd-security  Tue Jun 25 17:38:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [63.229.157.2])
	by hub.freebsd.org (Postfix) with ESMTP id 4EF2E37B403
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 17:38:29 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id SAA02864;
	Tue, 25 Jun 2002 18:38:03 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020625183521.00dd9af0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 25 Jun 2002 18:37:56 -0600
To: "Jeroen C.van Gelderen" <jeroen@vangelderen.org>
From: Brett Glass <brett@lariat.org>
Subject: Re: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH
  vu lner ability (fwd)
Cc: Mike Silbersack <silby@silby.com>,
	Brian Nelson <notgod@notgod.com>,
	Niels Provos <provos@citi.umich.edu>,
	FreeBSD Security <security@FreeBSD.ORG>
In-Reply-To: <B33A8B8D-8895-11D6-92C3-000393754B1C@vangelderen.org>
References: <4.3.2.7.2.20020625173402.00b4af00@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Sure! I'll send a note under separate cover with a
location where it can be downloaded via HTTP. The 
important thing is to add the lines

UsePrivilegeSeparation yes
Compression yes

to sshd_config, and also to delete any lines that the
newer version complains about (e.g. CheckMail).

--Brett

At 05:45 PM 6/25/2002, Jeroen C.van Gelderen wrote:
  
>On Tuesday, June 25, 2002, at 07:37 , Brett Glass wrote:
>
>>Geeze.... Just when someone finally says something nice about
>>me on this list.... ;-)
>>
>>Seriously, though, I'm just being practical. BTW, I've finally
>>managed to build a working binary package that will replace the \
>>built-in OpenSSH in place on 4.4, 4.5, and 4.5-RELEASE. You
>>may have to change /etc/ssh/sshd_config by hand afterward, but
>>then you'll get privilege separation. Anyone who would like
>> download or would like to post it, just e-mail.
>
>That sounds real good (TM). I could put it up for download if you want?
>
>-J
>
>
>>
>>--Brett
>>
>>
>>At 03:43 PM 6/25/2002, Mike Silbersack wrote:
>>
>>
>>>On Tue, 25 Jun 2002, Brian Nelson wrote:
>>>
>>>>So far, against all odds, Brett Glass has had the most stable,
>>>>unemotional, and responsible response to this whole issue...  everyone
>>>>else likes to yell at you when you don't trust whatever they say because
>>>>they are "big head figures" or suffering from "Young Geek Ego(tm)".
>>>
>>>This just proves that there is an exploit in the wild, and that someone
>>>has hacked Brett's box and is impersonating him. :)
>>>
>>>Mike "Silby" Silbersack
>>>
>>>
>>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>>with "unsubscribe freebsd-security" in the body of the message
>>
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message