Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Sean Davis <>
From: Theo de Raadt <>
List: tech-security
Date: 06/24/2002 18:48:20
> I don't really care about a bug description. But I do feel that having a fix
> and not releasing it is a little irresponsible. It doesn't seem to me like too
> much to ask that the authors provide fixes to their software.

You are so entirely out of touch with reality.  Less than 24 hours
after we produce a patch, there will be a public exploit.  You'll see.

But we've got another patch.  It's this big thing called privsep, and
it does not point a big arrow at the little exact bug.

But you don't understand.  Wow the world has an overabundance of
entirely stupid people in it.