On 23-07-2015 16:43, Garance A Drosehn wrote:
> As noted in my message, I did actually test it on a variety of systems.

You mentioned FreeBSD boxes and a Mac. That ain't a variety of systems.

> I happened to avoid it on my systems, but that was more by luck than
> any cleverness on my part.

This says a lot about you.

> The original post wondered if this was some mis-timed April Fool's
> joke. My reply was just to say that it's a real issue, although
> many people won't see this issue due to the way sshd is configured
> on their systems.

You were condescending, admit it. Quoting you:

"I'm also told that there is a patch for the oversight in OpenSSH's code"

There was no oversight. There were people using the OpenSSH code in unintended ways. The OpenSSH portable is only provided by the OpenSSH project because there are developers that care for it. People should stop being lazy and use OpenSSH as close to upstream as possible and even better, with no portable "glue" code. You don't need PAM, especially if you're using PubKeyAuthentication. If you must use OpenSSH portable, at least bother enough to secure it.

The patch wasn't provided because of a bug in OpenSSH code, it was provided because people are lazy, and wouldn't fix their own PAM configuration.

Cheers,
Giancarlo Razzolini