Re: OpenSSH b0rked (was RE: Problems with IPFW patch)

From: Kris Kennaway (kris@FreeBSD.ORG)
Date: 01/26/01 

Date: Fri, 26 Jan 2001 14:06:55 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Matt Dillon <dillon@earth.backplane.com>

On Fri, Jan 26, 2001 at 01:53:21PM -0800, Matt Dillon wrote:
> :I would ask, that in -STABLE at least, the fatal error be backed
> :out to a warning, at least for a few months (with sshd ignoring the
> :directive, and continuing to run), and then only move to a fatal
> :error + die.
> :
> :-aDe
> :
> :--
> :Ade Lovett, Austin, TX. ade@FreeBSD.org
> :FreeBSD: The Power to Serve http://www.FreeBSD.org/
>
> I second this request. It also happened when pam.conf/ssh changed.
> Only the serial console saved me from a car trip to one of my
> colocated machines. Two such changes in a row for ssh is too much.

Well, *that* one was unavoidable; sshd now uses PAM by default. You
must have tried hard to not notice the upgrade requirement; it was
documented in the commit log, on the mailing lists, in
/usr/src/UPDATING and would have been caught by mergemaster if you had
run it after your build.

Kris

P.S. green is doing OpenSSH thesedays, he's the person you need to
speak to if you have suggestions. 

-- 
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger kris@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
    ... >:I would ask, that in -STABLE at least, the fatal error be backed ... >:out to a warning, at least for a few months (with sshd ignoring the ... > colocated machines. ... Killing off sshd obviously makes remote admin a real problem, ...
    (FreeBSD-Security)
  • Re: RFC: mistaken regexps: should they be fatal?
    ... I added a warning to the development gawk as follows: ... about whether this kind of thing should be a fatal error; ... A fatal error seems to me to be a harsh awk reaction in this case. ...
    (comp.lang.awk)
  • Re: how to organize my main file ?
    ... This is to print a warning - the line where it occured, ... Generally failure to obtain critical resources ... insufficient to terminate the program. ... the program intact can be just a "warning" while a fatal error is one ...
    (comp.lang.c)
  • Re: Unrecognized escape sequences in string literals
    ... Isn't that a warning, not a fatal error? ... Should I assume that Microsoft's C++ compiler treats it as an error, ... a s rin\g with escapes ...
    (comp.lang.python)
  • Sendmail 8.12 SCO OS5.0.7
    ... line 2615: warning: type does not match prototype: pid ... *** Error code 1 (bu21) ... UX:make: ERROR: fatal error. ...
    (comp.unix.sco.misc)