OpenSSH

Ronald Hummelink ronald at hummelink.xs4all.nl
Wed Jun 26 04:39:11 PDT 2002


On Wed, 2002-06-26 at 04:13, Jesse Tie-Ten-Quee wrote:

> Yo,
> 
> Actually that's the default on 3.3p1.  And I just had a nightmare for the
> past 3 hours fighting with it because of that fact.
> 
> Short version:  If you are running a Linux kernel 2.2 box and want to
> use 3.3p1, disable UsePrivilegeSeparation in sshd_config to get the old
> tried and true method, or disable Compression to be able to use the
> UsePrivilegeSeparation properly.
> 
> Anyways...

You "have" to opt for disabling compression then. Without using
privilege separation OpenSSH 3.3 is as vulnerable to the remote root
hole as it didn't fix it yet. OpenSSH 3.3 improved the privsep code so
it actually works acceptably on something else than Open/NetBSD.
Using privsep works around the root hole. A real fix should be released
in the form of 3.4 along with the sploit next week, if I understand all
rumours well ;)


