Upcoming OpenSSH vulnerability (fwd)
Oliver Ob
ob_ok
Mon May 17 11:33:56 PDT 2004
"Philip J. Koenig" schrieb:
>
> There has been a heated discussion on this over in the FreeBSD
> security list, suffice to say that Theo's obnoxious attitude doesn't
> help matters. Nonetheless this is important info:
Why is that obnoxious at all?
> > We've been trying to warn vendors about 3.3 and the need for privsep,
> > but they really have not heeded our call for assistance. They have
> > basically ignored us. Some, like Alan Cox, even went further stating
> > that privsep was not being worked on because "Nobody provided any info
> > which proves the problem, and many people dont trust you theo" and
> > suggested I "might be feeding everyone a trojan" (I think I'll publish
> > that letter -- it is just so funny). HP's representative was
> > downright rude, but that is OK because Compaq is retiring him. Except
> > for Solar Designer, I think none of them has helped the OpenSSH
> > portable developers make privsep work better on their systems.
> > Apparently Solar Designer is the only person who understands the need
> > for this stuff.
> >
> > So, if vendors would JUMP and get it working better, and send us
> > patches IMMEDIATELY, we can perhaps make a 3.3.1p release on Friday
> > which supports these systems better. So send patches by Thursday
> > night please. Then on Tuesday or Wednesday the complete bug report
> > with patches (and exploits soon after I am sure) will hit BUGTRAQ.
I (have been prof. programmer in the 80s already) can estimate
the way programmers feel these days.
--
*??., ??,.??*???*? =Oliver at home= *??., ??,.??*??*?
I http://www.bmw-roadster.de/Friends/Olli/olli.html I
I http://www.bmw-roadster.de/Friends/friends.html I
I http://groups.yahoo.com/group/VGAP-93 I
I http://home.t-online.de/home/spacecraft.portal I
>>> Telek0ma iBBMS - soon back online +49.4503.TRSi1/TRSi2 <<<
More information about the Linux-users
mailing list