
Re: [cobalt-security] Significant OpenSSH Vulnerability ??



Hi John,

> Forgive me if I'm mis-interpreting what you're doing, but if you disable
> privilege separation in the configuration then surely you're not getting
> the protection against the attack that the feature provides.

You're absolutely correct: without PrivSep enabled, SSH is far less secure.
However, when I was working on OpenSSH-3.3p1 two days ago it wasn't known
that "Compression no" would fix the PrivSep problem on 2.2 kernels. Thanks to
Jelmer's input I could then go ahead and enable it.

-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer