since OpenSSH sits on the OpenBSD server, has anyone else checked the sigs of any of the obsd stuff? * Ron DuFresne (dufresneat_private) tapped away like a .......: > > Your safest bet is going to be to get new clean source, it's supposed to > have been updated today and recompile and push it out. The trojaned code > is supposed to have hit the openssh site withn the last 2-3 days, limiting > the exposure to only those that in that time frame scarfed up the trojaned > code. Analysis of the trojaned codes seems to indicate this nasty runs in > the background all the while the trojaned sshd is up, so, I would get new > source and recompile and push. Far better to be safe than sorry. > > Thanks, > > Ron Dufresne > > > On Thu, 1 Aug 2002, Steve Wright wrote: > > > > > Hello, > > > > I'm no programmer so I'm hoping someone can confirm this for me.. > > I am correct in thinking the trojan currently in OpenSSH portable 3.4p1 only > > runs during compilation ? > > > > ie a copy of ssh compiled using this source will not have anything nasty > > build into it ? > > > > Thanks, > > Steve. > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. >
This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 12:17:13 PDT