Re: ssh difference v3.3 vs. 3.4 ???
Colin Watson wrote:
>
> On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote:
> > 3.4 contains bugfixes for a few problems I don't completely understand
> > but I believe that there was a bug that could allow root access.
>
> If you're running 3.3 with privilege separation enabled (as it is by
> default), most remote root exploits become remote exploits of the sshd
> user, which is considerably less serious. 3.4 added fixes for the real
> problems rather than just bandaging over them.
[ snip ]
This is what really, really confuses me !!!
What is ``privilege separation'' ???
Where is it documented? (Not in the manpages, locally nor
<http://www.openbsd.org/cgi-bin/man.cgi?query=ssh> nor
<http://www.openbsd.org/cgi-bin/man.cgi?query=sshd>) . . .
Worse, this is what I get on THREE (3) systems:
# ssh -V
OpenSSH_3.3 Debian 1:3.3p1-0.0woody1, SSH protocols 1.5/2.0, OpenSSL
0x0090603f
# sshd -V
sshd: option requires an argument -- V
sshd version OpenSSH_3.3 Debian 1:3.3p1-0.0woody1
. . .
# grep -i rivi /etc/ssh/ssh*_config
#
Please, notice that that last command returned to the prompt *WITHOUT*
anything satisfying grep ;<
What is this all about?
How can I know that I am protected?
What do you think?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: