Re: [LUG] OpenSSH Vunrability

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] OpenSSH Vunrability
From: Simon Waters <Simon@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Jun 2002 02:42:35 +0100
Reply-to: list@xxxxxxxxxxxx

Theo Zourzouvillys wrote:


try turning off compression, especially if you're using a 2.2 kernel.

There was some stuff about it in the debian security announcement...

* compression does not work on all operating systems since the code
 relies on specific mmap features


however, solar designer has apparently released a patch for 2.2 kernels -
dunno where though! ;)

<doh> - for those catching up privsep has it's own README in the
new source tar ball, you have to make an empty chroot jail and
user.....yawn.


Make sure you enable PrivelegeSeperation in sshd_config, too ;)


Compression is off by default as well by the looks of it - oh
dear.

I'm off to reread the documentation, such as it is.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

References:
- [LUG] OpenSSH Vunrability
  - From: Theo Zourzouvillys
- Re: [LUG] OpenSSH Vunrability
  - From: Simon Waters
- Re: [LUG] OpenSSH Vunrability
  - From: Theo Zourzouvillys

Prev by Date: Re: [LUG] OpenSSH Vunrability
Next by Date: Re: [LUG] OpenSSH Vunrability
Previous by thread: Re: [LUG] Idle chatter Re: my spelling sucks like openssh 3.3p1 (Re: openssh 3.3p1 sucks badly Re: [LUG] OpenSSH Vunrability)
Next by thread: Re: [LUG] OpenSSH Vunrability
Index(es):
- Date
- Thread

Lynx friendly