[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Upcoming OpenSSH vulnerability
> I don't have the patience to patch OpenSSH and re-patch it again next
> week, so I think I'll just have pf block port 22. :-)
you're missing the point.
you don't have to patch it next week if you enable privsep.
and hopefully, you will never have to patch it ever again for holes.
and you're not patching, you're upgrading and enabling privsep.
patching comes when the vulnerability and patches are announced to the
world. (which will hopefully all be using privsep anyway, and if not,
then when another remote root hole is discovered, the people who didn't
incorporate privsep will be laughed at in a hysterical manner)