On Fri, 2002-02-08 at 07:46, Borsenkow Andrej wrote: > * Thu Feb 7 2002 Vincent Danen <[EMAIL PROTECTED]> 3.0.2p1-3mdk > - disable agent forwarding by default > > Why? Can you explain security hole here? >
1. It's not vital to the service 2. Packet forward or tunneling of any kind can introduce holes and ways of circumvention 3. Past has shown that openssh, though well audited, can be, was, and will surely be again vulnerable to attacks, this includes attacks against agent forwarding. Of course, this is _my_ explanation for such a choice, and a good choice IMHO. In other words, Danen, may want to voice yourself ; ) -- Bryan Paxton Public PGP key: http://www.deadhorse.net/bpaxton.gpg "Winning gives birth to hostility. Losing, one lies down in pain. The calmed lie down with ease, having set winning & losing aside." Dhp. 201
