tech-security: Re: OpenSSH Priv Sep and Remote Exploit?

Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Theo de Raadt <deraadt@cvs.openbsd.org>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-security
Date: 06/27/2002 10:23:41

On Mon, Jun 24, 2002 at 06:48:20PM -0600, Theo de Raadt wrote:

 > But we've got another patch.  It's this big thing called privsep, and
 > it does not point a big arrow at the little exact bug.

privsep doens't entirely address the problem, either.  It merely
mitigates its effects.  Lots of damage could theoretically be done
if that sshd escapes from its jail.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>