Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath

• Previous message: Troels Holm: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
• In reply to: Troels Holm: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
• Next in thread: Jacques A. Vidrine: "IMPORTANT FOR lukemftpd USERS (was Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 4 Aug 2003 17:20:23 -0500
To: Troels Holm <th@cogito.dk>

On Tue, Aug 05, 2003 at 12:10:14AM +0200, Troels Holm wrote:
> Jacques A. Vidrine wrote:
> > The realpath.c that is distributed with OpenSSH-portable and found in
> > our CVS tree as /usr/src/crypto/openssh/openbsd-compat/realpath.c is
> > not used.
>
> Just for the record :=)
> What u say is that the advisory is in error and my "sftp-server" is _not_
> affected? Or are you just saying that sftp isnt using the realpath.c from
> OpenSSH?

The latter.

sftp-server *is* affected, just as it says in the advisory.

But OpenSSH as bundled with FreeBSD uses realpath(3) from libc,
not from src/crypto/openssh/openbsd-compat/realpath.c, and so (in
answer to the question by a previous poster) that file does not need
patching.

Cheers,

-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Troels Holm: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
• In reply to: Troels Holm: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
• Next in thread: Jacques A. Vidrine: "IMPORTANT FOR lukemftpd USERS (was Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath ... > impacted....And its a part of OpenSSH. ... Jacques Vidrine. ... To unsubscribe, ... (FreeBSD-Security) Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh ... >> since by default the root user has csh. ... Jacques Vidrine. ... FreeBSD UNIX ... (FreeBSD-Security) Re: HEADS UP: libkse -> libpthread switch ... On Fri, Jan 30, 2004, Scott Long wrote: ... > Jacques A. Vidrine wrote: ... > We certainly are not going to ship 5.3 like this. ... (freebsd-current) Re: __TIME_MIN/__TIME_MAX ... "Jacques A. Vidrine" wrote: ... > In at least one place in libc, it is necessary to range check a time_t ... One most platforms, time_t has the same range as `int', but ... (freebsd-arch) Re: latest openssl vulnerability ... > Jacques A. Vidrine wrote: ... the bug is in libssl. ... > Lev Walkin ... (FreeBSD-Security)