[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

On Mon, Dec 08, 2003 at 01:28:20PM +1100, Russell Coker wrote:
> Another problem is that host keys require SUID ssh client in the
> default configuration.

This hasn't been true since OpenSSH 3.3, and therefore since before
woody. See ssh-keysign(8).

openssh (1:3.3p1-0.0woody1) testing-security; urgency=high

  * Support setuid ssh-keysign binary instead of setuid ssh client.

 -- Daniel Jacobowitz <dan@debian.org>  Mon, 24 Jun 2002 13:43:44 -0400


Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: