Security Update from MAC breaks ssh -X
John Davidorff Pell
johnpell at gmail.com
Tue Mar 20 11:30:18 EST 2007
On Mar 19, 2007, at 4:26 PM, William Ahern wrote:
> On Tue, Mar 20, 2007 at 09:25:49AM +1100, Darren Tucker wrote:
>> This has been the default for years, I don't know why you're only
>> seeing
>> problems now (unless Apple used to change the default in their
>> packages
>> and now don't?)
The original poster is running Mac OS X 10.3.9. 10.3 is 3 years old.
> For one thing, Apple hasn't updated their version of OpenSSH for
> years.
> Which patches they backport is anyone's guess. They certainly haven't
> backported control socket mastering.
Apple doesn't backport much of anything in the open source projects,
they just update the the latest release. At the same time, Apple
doesn't update *any* software in Mac OS X unless there are security
flaws or other bug fixes. Mac OS X is a commercial operating system
that cannot afford the release-early-and-fix-often mentality. It has
to work (well enough) the first time, and not break later. (Yes, I
know that this doesn't always happen. Its /supposed/ to work this way.)
> Likewise for OpenSSL. Basically, Apple ceased all Unix environment
> development the moment OS X shipped. Soon porting Unix apps to OS X
> will be
> as fun as to Microsoft's POSIX interface.
That's just not true. With each major release of Mac OS X, Apple
syncs with the FreeBSD userland. Almost all commands that were
shipping with FreeBSD 5.0 are the versions in Tiger. In some cases,
Tiger versions have been updated due to security fixes or just bug
fixes, as I mentioned above. That's not all that old.
Specifically for OpenSSH. Apple updated to OpenSSH 3.8 (from 3.6) in
a security update sometime after 10.4.6 (it might simply have been in
10.4.7, I don't remember). The latest security update came up to
OpenSSH 4.5.
The moral of the story: If you want Apple to update a working open
source package in between major releases, then find and report [to
Apple] a security flaw that is fixed in the version of the package
that you want Apple to update to. ;-)
JP
--
"Human beings, who are almost unique in having the ability to learn
from the experience of others, are also remarkable for their apparent
disinclination to do so." -- Douglas Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2520 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20070319/a26351c0/attachment.bin
More information about the openssh-unix-dev
mailing list