OpenSSH 3.5p1

To: debian-ssh@lists.debian.org
Subject: OpenSSH 3.5p1
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 24 Oct 2002 16:35:29 +0100
Message-id: <[🔎] 20021024153529.GA8920@riva.ucam.org>
Mail-followup-to: debian-ssh@lists.debian.org

I'm currently putting together packages for 3.5p1. The Debian patches
forward-port without too much trouble, etc. However, is anyone in a
position to explain briefly what this "install ssh-agent setgid to avoid
ptrace attacks" thing is about?

Also, although it appears to drop privileges immediately and not regain
them, will it provide additional security to use a special-purpose
group? The Red Hat packages in OpenSSH CVS use group nobody.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: OpenSSH 3.5p1
  - From: Jason Lunz <lunz@falooley.org>
- Re: OpenSSH 3.5p1
  - From: Matthew Vernon <matthew@debian.org>

Prev by Date: Re: Sabbatical
Next by Date: Re: OpenSSH 3.5p1
Previous by thread: Re: Sabbatical
Next by thread: Re: OpenSSH 3.5p1
Index(es):
- Date
- Thread