cvs commit: src/crypto/openssh buffer.c

David Rhodus drhodus at catpa.com
Tue Sep 16 09:58:39 PDT 2003


On Tuesday, September 16, 2003, at 12:28 PM, Matthew Dillon wrote:
    Beat me to it.  I'm still trying to figure out what the
    security hole is, though.  Can another thread access the
    buffer while it is being expanded?  I have no idea.
Right now I'm not able to do much other than kill sshd, though
I think by the end of the day we should be able to exec from commands.
The last offer I got from an unnamed security company for a working
example was starting to get close to 6 digits....
I wonder if anyone will try to switch to DragonFly now that they need
a security fix and RELENG_4 is very unstable. I cvsup'd a RELENG_4
machine this morning and its already panic'd out.... Looks like even
though were is the development stages DragonFly is remanning a lot
more stable than FreeBSD's -Stable branch.
-DR






More information about the Commits mailing list