On Thu, 14 Mar 2002 18:05:06 +0000 Dragos Ruiu <dr@kyx.net> wrote: > P.P.s. in other gossip, discussion of this vulnerability in such rapid succession > with the recent off by one has led Niels Provos to have some wonderful ideas, > and he's coming up with a priviledge separated version of sshd that does not > need to be root when handling network input. Details on his homepage. His patch > is not quite working yet, but he says it will migrate into the portable version > of openssh when tested and debugged. Wheee. Provos++ > > (Plug: come talk to him about it in Vancouver in May at cansecwest. :-) Ok, Niels is a fast developer. The tarball at http://www.citi.umich.edu/u/provos/ssh/privsep.html (not the patch) is the appropriate item to download. It still messes up on me for one strange client of mine and it still doesn't like putty but it looks like some other ssh's n stupf work now. Who knows, by the time you read this Niels may have fixed it all up. cheers, --dr -- --dr pgpkey: http://dragos.com/dr-dursec.asc CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com
