Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Paul Hoffman (phoffmanproper.com)
Date: Tue Dec 04 2001 - 21:21:57 CST
So, back to my original questions. If I want to (a) update to the
latest OpenSSH and (b) take steps to prevent the badness of going to
an older version if I update to, say, 1.5.2, what can I do? I can
make OpenSSH from pkgsrc and edit /etc/rc.d/sshd to point to
/usr/pkg, but how do I prevent a future update from overwriting
/etc/rc.d/sshd and pointing to /usr/sbin/sshd? Simply removing
/usr/sbin/sshd won't be enough, because the future update will
probably put in a new sshd. Is there some fancy permissions thing I
can do cause the future update to fail to change /etc/rc.d/sshd?
This seems like a serious security issue, although it might be best
handled in connection with the folks who work on version installers.