OpenSSH Trojan

Dan Eriksen eriksen at
Thu Aug 1 16:30:36 PDT 2002

On Thu, 1 Aug 2002 23:44:27 +0200
Matthias Benkmann <matthias at> wrote:

> Actually, if you follow the more_control hint, you don't even make install
> as root.

	I hadn't read the More Control hint before. Wow. It's so simple. Can't help but think- why didn't I think of that? I'll definitely be implementing this from the start next LFS install.
	I had trouble thinking that not building as root and then installing as root would be helpful. Maybe a bad analogy, but I picture it like locking your front door, but not the other- why bother. More Control and Package Management never leaves you vulnerable (to this particular attack), so I feel motivated to do it.
	One more question. Is it appropriate to ask questions like this on this list? Or is this supposed to be a more "vulnerability alert" type list?

Thank-you to everyone who replied.

Dan Eriksen
Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list