Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

Mike Nowlin (mikeargos.org)
Tue, 5 Oct 1999 02:52:27 -0400 (EDT)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Dag-Erling Smorgrav: "Re: Long username/password"
• Previous message: Mike Tancsa: "Re: Long username/password"
• In reply to: Kris Kennaway: "Re: Long username/password"
• Next in thread: Cy Schubert - ITSD Open Systems Group: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
• Reply: Cy Schubert - ITSD Open Systems Group: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"

> owned by root or the UID/EUID of the process. This is what Solar
> Designer's patches for Linux have done for some time now. It seems to
> break little (nothing, except POSIX? ;) and is quite effective. SolarD's

Not sure if your comment SAID that it breaks POSIX or not, but in this day
and age of trying to come up with a standard that people can both believe
in and rely on, "breaking POSIX" isn't something that should be taken too
lightly. Although there's a lot of quirks and overall dumbness in POSIX,
the rules were meant for a reason. I don't claim to be a POSIX expert,
but if this did break one of the guidelines, it would be a shame to have
to come back in three or four years and say "Linux and FreeBSD? Well,
they're sort of POSIX-compliant, but they screwed it up by....."

Maybe there's some other (better) way to solve this problem?

--mike

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Dag-Erling Smorgrav: "Re: Long username/password"
• Previous message: Mike Tancsa: "Re: Long username/password"
• In reply to: Kris Kennaway: "Re: Long username/password"
• Next in thread: Cy Schubert - ITSD Open Systems Group: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"
• Reply: Cy Schubert - ITSD Open Systems Group: "Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]"

This archive was generated by hypermail 2.0b3 on Tue Oct 05 1999 - 08:52:10 CDT