* Ben Rosenberg wrote on Tue, Jun 25, 2002 at 22:31 -0700:
* Dave (dave@alfar.co.uk) [020625 22:22]: ::I'm surprised at the haste with which this update was released - especially ::considering the vague nature of security concerns raised.
[...]
bit 1/2 baked with 3.3p1. As for a vague nature..blame Theo and the OpenBSD team for this. They didn't give any more information then "If you don't use privsep and 3.3p1 there is a "remote root exploit". *shrug* I would blame SuSE..
Well, exactly. I'm think the whole story is horrible and makes me angry. First, you have to use an experimental feature, which is known to cause many problems and on many architectures, and second, this update doesn't even solve the remote exploit! It just reduces it's impacts. Well, anything is guessed, since Theo didn't told details.
together a fix that works for most people. When the bug and true fix are released by the OpenBSD/SSH team I am sure SuSE will jump on it quickly.
Well, and maybe disabling those experimental security split mode, getting back the functionality. Well, and you'll have to upgrade next week in any case again...
so..no one's twisting your arm ..accept maybe a script kiddie who gets into your system because you didn't use the best fix that could be provided at the time. ;)
In this mode, the kiddie intrusion cracks a chroot jail with and some user==sshd or such. Well, I don't like that at all. Maybe they forgot an open directory file descriptor :) Surely the 2nd exploit from somewhere would use that... The thing that makes me nervous: since ssh had issues recently, the script kiddies have nice hostlist that are running ssh. Well, let's hope none of them read the flash worm articles and implemented that, since this issue maybe a really nice start. Even if it doesn't look like a zero day exploit, it may turn in fact to a minus-one-week-exploit, since maybe the script kiddies finished a work skeleton... I don't like to thing about that, huh... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.