On Tue, 2002-06-25 at 16:50, Rob Andrews wrote: > [Raymond Wood wrote in newsgate.debian.security] > > Potato and Woody are both patched then. What is the recommended > > course of action for those running Sid? Should Sid users > > install the Woody patch, or is this a bad idea? > > Personally, I've dist-upgraded all woody and sid boxen I have, the sid > machines took the woody package without trouble. Just set PAM auth by > keyboard interactive to "no" and left it to it. > > Oh, the package created an 'sshd' user, and set it's homedir to > $HOMEDIRS/sshd, but didn't create the homedir itself. Since there isn't any > PoC code to test this with, I don't know how the chroot will end up. Anyone > got any ideas? I'd hate for the sandbox to end up being /. In the "recommended" config it would be something like "/var/empty", not writable by the sshd user. I don't have a system handy to verify whether the package does the right thing here though. Cheers, Tycho -- Tycho Fruru tycho@fruru.com "Prediction is extremely difficult. Especially about the future." - Niels Bohr
Attachment:
signature.asc
Description: This is a digitally signed message part