Upcoming OpenSSH vulnerability

Chris Adams cmadams at hiwaay.net
Thu Jun 27 10:14:42 EST 2002


Once upon a time, Ben Lindstrom <mouring at etoh.eviladmin.org> said:
> > > Better yet now we are post 3.4 we need a real solution.
> >
> > As I said above, I don't see how to do post-auth privsep on Tru64.  The
> > requirements just don't seem to match the capabilities.  The only thing
> > I can see to do is to open a PTY unconditionally before post-auth
> > privsep and close it later if it is not needed (but I don't know for
> > sure that would work either).  That would be a fairly major change;
> > would such a change be accepted back into "core" OpenSSH?
> >
> 
> If you can get a preview fix posted, I'll work within the OpenSSH portable
> group to ensure that some version of it gets included.
> 
> If that preview fix says 'we always open a temporary TTY' then so be it.
> We can look at how to handle the non-tty case after.

I guess from that I should go ahead and make OpenSSH always open the TTY
and then discard it if it is not needed for all platforms, not just
Tru64 (at least the AIX folks were looking for this as well).  That
would lessen the "#ifdef HAVE_OSF_SIA" count.

Unless I hear otherwise, I'll work towards that.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


