C> It is important to check on the *security boundary* between a user and
C> root. sshd's command line interface is not such a security boundary; the
C> invoking user is already root and can do whatever they like in other
C> ways.
I'm saying it's important to have lots of checks against
fumble-fin
On Wed, Jan 09, 2008 at 05:11:37AM +0800, [EMAIL PROTECTED] wrote:
> C> If it matters, you're already root. Please don't claim things as
> C> security concerns when they aren't.
>
> On the contrary, it is even more important to check when one is root.
It is important to check on the *security bou
C> If it matters, you're already root. Please don't claim things as
C> security concerns when they aren't.
On the contrary, it is even more important to check when one is root.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Wed, Jan 09, 2008 at 04:10:52AM +0800, [EMAIL PROTECTED] wrote:
> One would think that a program so highly related to security would
> check its arguments better before proceeding to stage II or whatever.
If it matters, you're already root. Please don't claim things as
security concerns when th
Package: openssh-server
Severity: wishlist
One would think that a program so highly related to security would
check its arguments better before proceeding to stage II or whatever.
$ /usr/sbin/sshd --help
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host
5 matches
Mail list logo
