Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Jason R Thorpe <>
From: Theo de Raadt <>
List: tech-security
Date: 06/27/2002 12:13:45
>  > But we've got another patch.  It's this big thing called privsep, and
>  > it does not point a big arrow at the little exact bug.
> privsep doens't entirely address the problem, either.  It merely
> mitigates its effects.  Lots of damage could theoretically be done
> if that sshd escapes from its jail.

Once an egg is written that is that clever.  That does not happen in a
day.  A simple root exploit does get written in a day, and I have
reports that 3 now exist after the ISS advisory went out.

The hacker community tells me that none were generated as a result of
my early warning, and that this new class of bug was not spotted by any
of them reading over the code night after night after night.

They were blindsided, but the users were not.

And you accuse me.  You should be ashamed.