[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Significant OpenSSH Vulnerability ??
- Subject: Re: [cobalt-security] Significant OpenSSH Vulnerability ??
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 26 Jun 2002 03:52:16 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi John,
> Forgive me if I'm mis-interpreting what you're doing, but if you disable
> privilege separation in the configuration then surely you're not getting
> the protection against the attach that the feature provides.
You're absolutely correct, without PrivSep enabled SSH is far less secure.
However, when I was working on OpenSSH-3.3p1 two days ago it wasn't known
that "Compression no" would fix the PrivSep problem on 2.2 kernels. Thanks to
Jelmers input I could then go ahead and enable it.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer