Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability

To: Tycho Fruru <tycho@fruru.com>
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
From: Mark Janssen <maniac@maniac.nl>
Date: 25 Jun 2002 18:33:31 +0200
Message-id: <[🔎] 1025022811.19084.3.camel@ninja>
In-reply-to: <[🔎] 1025022446.13839.11.camel@kungfoo.conostix.com>
References: <20020625123712.GA25088@wiggy.net> <[🔎] 20020625141909.GA6159@magma.ca> <[🔎] slrnahh0pm.k7.rob@deviant.impure.org.uk> <[🔎] 1025022446.13839.11.camel@kungfoo.conostix.com>

On Tue, 2002-06-25 at 18:27, Tycho Fruru wrote:
> In the "recommended" config it would be something like "/var/empty", not
> writable by the sshd user.  I don't have a system handy to verify
> whether the package does the right thing here though.

The debian package chroots to the empty and root:root owned dir
/var/run/sshd

I myself changed this to root:sys, but that shouldn't really matter.

-- 
Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178
Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT
Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
  - From: Raymond Wood <raywood@magma.ca>
- Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
  - From: Rob Andrews <rob@impure.org.uk>
- Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
  - From: Tycho Fruru <tycho@fruru.com>

Prev by Date: Re: the openssh exploit
Next by Date: Re: DSA-134-1
Previous by thread: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
Next by thread: Re: [SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
Index(es):
- Date
- Thread