[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Significant OpenSSH Vulnerability ??

Subject: Re: [cobalt-security] Significant OpenSSH Vulnerability ??
From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Jun 2002 02:31:07 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

> Correct. That's what I did in my PKGs for the RaQ3, RaQ4, Qube3 and XTR as
> well: compile OpenSSH *with* PrivSep and then disable it specifically in
> sshd_config

Forgive me if I'm mis-interpreting what you're doing, but if you disable
privilege separation in the configuration then surely you're not getting
the protection against the attach that the feature provides.  After all
3.3 doesn't fix the 'bug', whatever it may be, just provides a feature
whereby someone won't be able to root your machine.

Regards,

John

Follow-Ups:
- Re: [cobalt-security] Significant OpenSSH Vulnerability ??
  - From: Michael Stauber

References:
- Re: [cobalt-security] Significant OpenSSH Vulnerability ??
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] Significant OpenSSH Vulnerability ??
Next by Date: Re: [cobalt-security] Significant OpenSSH Vulnerability ??
Previous by thread: RE: [cobalt-security] Significant OpenSSH Vulnerability ??
Next by thread: Re: [cobalt-security] Significant OpenSSH Vulnerability ??

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index