On Wed, Jun 26, 2002 at 03:39:49PM -0400, Reid Gilman wrote: > 3.4 contains bugfixes for a few problems I don't completely understand > but I believe that there was a bug that could allow root access.
If you're running 3.3 with privilege separation enabled (as it is by default), most remote root exploits become remote exploits of the sshd user, which is considerably less serious. 3.4 added fixes for the real problems rather than just bandaging over them. However, 3.3 and I believe 3.4 both break certain parts of PAM support and various other things, at least when privilege separation is enabled. > Check www.slashdot.org for some information on it. That wouldn't be my first port of call for security information, I must say. :) -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
