Re: [cobalt-security] Significant OpenSSH Vulnerability ??



>> Here are my OpenSSH-3.3p1 compile options:
>> 
>> ./configure --prefix=/usr \
>> --sysconfdir=/etc/ssh \
>> --with-ssl-dir=/opt/openssl-0.9.6d \
>> --with-zlib=/opt/zlib-1.1.4 \
>> --libexecdir=/usr/libexec/openssh \
>> --with-ipv4-default \
>> --with-pam=/lib/security \
>> --with-md5-passwords \
>> --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
>> --with-privsep-user=nobody \
>> --with-privsep-path=/home/sites
                       ^^^^^^^^^^^
I could be wrong, but don't you want to create an empty directory for the
privsep option? If someone were to overpower ssh wouldn't they be dumped
into your websites directory?

-j
-- 
http://www.bizmanuals.com
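
The concern raised in the reply above can be checked mechanically. This is an added example, not part of the original message or of OpenSSH: a shell function that tests whether a directory meets the conditions OpenSSH's README.privsep gives for the privsep chroot (no files inside, owned by root, not group or world-writable). The function name `check_privsep_dir` and its optional expected-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# check_privsep_dir DIR [EXPECTED_UID]
# Hypothetical helper (not shipped with OpenSSH). Returns 0 when DIR looks
# suitable as an sshd privsep chroot; otherwise prints each finding to
# stderr and returns 1. EXPECTED_UID defaults to 0 (root).
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    # A symlink or a missing path cannot be audited any further.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory" >&2
        return 1
    fi

    # The chroot must contain nothing at all, dotfiles included.
    if [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "FAIL: $dir is not empty" >&2
        rc=1
    fi

    # Mode string and numeric owner are fields 1 and 3 of `ls -ldn`.
    mode=$(ls -ldn "$dir" | awk '{print $1}')
    uid=$(ls -ldn "$dir" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $dir is group or world-writable ($mode)" >&2
            rc=1
            ;;
    esac

    return $rc
}

# Run the check when the script is given a path, e.g. ./script.sh /var/empty
if [ "$#" -gt 0 ]; then
    check_privsep_dir "$@"
fi
```

Run against a populated directory such as the `/home/sites` path in the quoted configure line, the function reports the non-empty finding.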