[Bug 486] New: "PermitRootLogin no" can implicitly reveal root password
Frank Cusack
fcusack at fcusack.com
Mon Feb 24 08:19:24 EST 2003
On Sun, Feb 23, 2003 at 12:28:50PM +0100, Markus Friedl wrote:
> On Sat, Feb 22, 2003 at 05:33:29PM -0800, Frank Cusack wrote:
> > Can someone (Markus?) point me to the change which fixes this? Is
> > there a publically available mailing list archive where CVS logs
> > can be found?
>
> i backed out the first patch from bug #387.
That's not in CVS. (ie, the first patch from bug #387 is still applied).
Do you mean the first "ugly fix"? I didn't think so since in #387 you
say the fix is broken, before you added the "ugly fix".
In any event, is it correct that this is only a problem when using privsep?
thanks
/fc
More information about the openssh-unix-dev
mailing list