Date:      Wed, 26 Jun 2002 12:20:05 -0700 (PDT)
From:      Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To:        Theo de Raadt <deraadt@cvs.openbsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Wow
Message-ID:  <20020626192009.2A8C1274E@sitemail.everyone.net>

privsep on, privsep off, wtf?
Make up your mind.
Do everyone a favour: let us all keep our OpenSSH off for a few weeks, or we could firewall them, or use telnet for that matter temporarily, and even if some of us do run OpenSSH openly then it's their responsibility if they get hacked. AND YOU IN THE MEANWHILE should take some rest and release a version which probably won't be found vulnerable at least until the next 2 - 3 months. PLEASE!!
Please, instead of wasting time in rants against you on mailing lists, and then replying to them and then releasing improper advisories with no technical details and ordering people to just update because you said so, you would be better off focusing more on the code. (No offence.)

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk


--- Theo de Raadt <deraadt@cvs.openbsd.org> wrote:
>> On Wed, Jun 26, 2002 at 11:41:03AM -0600, Theo de Raadt wrote:
>> > Man, you guys sure do talk shit a lot.  But anyways, that is hardly
>> > surprising or news.
>> > 
>> > I do have a question though.
>> > 
>> > Did any of you get broken in via this hole yet?
>> 
>> Nope.  Just wasted a good part of yesterday upgrading 60 boxes
>> from a non-vulnerable version of OpenSSH to a version with a now
>> known remote exploit.
>> 
>> I think the PR for this issue could have been a bit better...
>
>We also did 5600 lines of further security auditing work over the last
>week.  We're fairly convinced that some of the things we changed are
>relevant as well.  i.e.  more holes.
>
>And that is committed in 3.4
>
>By all means.  Please continue running what you have.  Don't upgrade
>to 3.4.  And please turn privsep off.
>
>Or, please, use someone else's software.
>
>Please.

