Upcoming OpenSSH vulnerability

Corinna Vinschen vinschen at redhat.com
Wed Jun 26 07:23:15 EST 2002


On Tue, Jun 25, 2002 at 02:03:14PM -0400, Niels Provos wrote:
> On Tue, Jun 25, 2002 at 10:34:33AM +0200, Corinna Vinschen wrote:
> > The Cygwin version of OpenSSH can't support it since sendmsg()/recvmsg()
> > currently can't transmit file descriptors.
> You still get pre-authentication privilege separation if you support
> mmap.  File descriptor passing is required only for
> post-authentication privilege separation.

Yep, I've already released a new version of OpenSSH (3.3p1-2) as
part of the Cygwin net release containing Markus' fix to suppress
postauth privsep.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com



More information about the openssh-unix-dev mailing list