 
12-15-2010, 05:30 AM
Fajar Priyanto

OpenBSD rows. Is Centos affected?

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Is CentOS affected?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
12-15-2010, 05:46 AM
John R Pierce

OpenBSD rows. Is Centos affected?

On 12/14/10 10:30 PM, Fajar Priyanto wrote:
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>
> Is CentOS affected?


It's not clear yet if even OpenBSD is affected. Be pretty hard to
imagine any such back door remaining in 10-year-old code that's subject
to such rigorous security audits as OpenBSD.

There's a lot that doesn't jive. Like, the encryption coding was all
done outside the USA so the encryption export laws in effect at the time
had no impact.


 
12-15-2010, 11:45 AM
Nico Kadel-Garcia

OpenBSD rows. Is Centos affected?

On Wed, Dec 15, 2010 at 1:46 AM, John R Pierce <pierce@hogranch.com> wrote:
> On 12/14/10 10:30 PM, Fajar Priyanto wrote:
>> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
>>
>> Is CentOS affected?
>
>
> It's not clear yet if even OpenBSD is affected. Be pretty hard to
> imagine any such back door remaining in 10-year-old code that's subject
> to such rigorous security audits as OpenBSD.
>
> There's a lot that doesn't jive. Like, the encryption coding was all
> done outside the USA so the encryption export laws in effect at the time
> had no impact.

As someone contributing patches to the original SSH software and later
OpenSSH patches at the time, I've got to say "no, it wasn't". Patches
were accepted from anywhere. Carefully code reviewed, and many patches
rejected, but indeed accepted. My favorite rejected patch was the
"stop doing reverse DNS lookups, dang it!" patch. The only graceful
way to entirely turn it off is to set the SSH daemon to record a
maximum hostname length of zero, which is a very strange way to simply
disable that behavior. (It causes serious connection lag in networks
where you're unlikely to be able to get reliable reverse DNS, which is
far too common a setup issue.)

Patches aren't necessarily considered encryption.
 
12-15-2010, 06:42 PM
Lamar Owen

OpenBSD rows. Is Centos affected?

On Wednesday, December 15, 2010 01:30:28 am Fajar Priyanto wrote:
> http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

See also
http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant
 
