[Bug 486] New: "PermitRootLogin no" can implicitly reveal root password
Markus Friedl
markus at openbsd.org
Mon Feb 24 20:21:12 EST 2003
On Sun, Feb 23, 2003 at 01:19:24PM -0800, Frank Cusack wrote:
> On Sun, Feb 23, 2003 at 12:28:50PM +0100, Markus Friedl wrote:
> > On Sat, Feb 22, 2003 at 05:33:29PM -0800, Frank Cusack wrote:
> > > Can someone (Markus?) point me to the change which fixes this? Is
> > > there a publically available mailing list archive where CVS logs
> > > can be found?
> >
> > i backed out the first patch from bug #387.
>
> That's not in CVS. (ie, the first patch from bug #387 is still applied).
> Do you mean the first "ugly fix"? I didn't think so since in #387 you
> say the fix is broken, before you added the "ugly fix".
- markus at cvs.openbsd.org 2003/02/06 21:22:43
[auth1.c auth2.c]
undo broken fix for #387, fixes #486
> In any event, is it correct that this is only a problem when using privsep?
yes.
More information about the openssh-unix-dev
mailing list