For us AIXers ...
Sandor W. Sklar
ssklar at stanford.edu
Wed Jun 26 05:48:35 EST 2002
At 2:31 PM -0500 6/25/02, Ben Lindstrom wrote:
>On Tue, 25 Jun 2002, Sandor W. Sklar wrote:
>
>> ... who are nervous because:
>>
>> (a) it seems that there will be a widely-known vulnerability
>> and/or exploit for OpenSSH available in the coming days, and
>>
>> (b) the advertised fix for the problem, privilege separation, doesn't
>> seem to be working on AIX as of the latest release version of OpenSSH
>> (based on the comments I've read; I haven't tried it yet) ...
>>
>
>moving aix_usrinfo() into do_setusercontext() is the fix.. And it's
>current in the CVS tree. Mr Tucker was nice enough to provide the patch
>and verify it.
>
>The only downfall at this point is TTY= is not set by usrinfo(). At this
>moment I've not heard from anyone that has stated this is a problem in the
>short term.

Thank you so much! Are there plans to do another "release" shortly
(before the announcement of the "you'll be rooted" vulnerability)
with that fix incorporated, or do I need to go with the CVS version?
I'm hesitant to roll out "in-flux" code to my production systems, but
I'll do what I got to do.

Thanks again, -S-
--
Sandor W. Sklar - Unix Systems Administrator - Stanford University ITSS
Non impediti ratione cogitationis. http://whippet.stanford.edu/~ssklar/