On 2008-03-05, steve szmidt <[EMAIL PROTECTED]> wrote:
> The only things I use on these is pf and ssh, so I'm not concerned over some
> third party app with whatever holes in the app. However it is still not a
> default config.

You might like to note this from OpenSSH 3.9 (several years before the paper)
which means that some of the techniques mentioned don't apply to sshd.

 * Make sshd(8) re-execute itself on accepting a new connection. This
   security measure ensures that all execute-time randomisations are
   reapplied for each connection rather than once, for the master
   process' lifetime. This includes mmap and malloc mappings, shared
   library addressing, shared library mapping order, ProPolice and
   StackGhost cookies on systems that support such things
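
Added example, not part of the original message and not OpenSSH code: a small C program that contrasts fork-only handlers with handlers that fork and then re-execute the binary, the behaviour the quoted release note describes. It assumes Linux (`/proc/self/exe`); `REEXEC_DEMO_FD`, `report`, `reexec_hook` and `handler_addr` are names made up for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#define REPORT_ENV "REEXEC_DEMO_FD"  /* hypothetical variable name, demo only */

/* Write the address of a stack local to fd (a stand-in for "where things
 * landed" in this process image), then exit. */
static void report(int fd) {
    volatile char probe = 0;
    uintptr_t addr = (uintptr_t)&probe;
    if (write(fd, &addr, sizeof addr) != (ssize_t)sizeof addr) _exit(1);
    _exit(0);
}

/* Runs before main() in every image; a re-exec'd child finds REPORT_ENV set,
 * reports the layout the kernel just gave it, and exits. */
__attribute__((constructor)) static void reexec_hook(void) {
    const char *fd = getenv(REPORT_ENV);
    if (fd) report(atoi(fd));
}

/* Spawn one "connection handler" and return the address it reports (0 on error).
 * reexec=0: plain fork of the master; reexec=1: fork, then exec the same binary. */
uintptr_t handler_addr(int reexec) {
    int p[2];
    uintptr_t addr = 0;
    if (pipe(p) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {
        close(p[0]);
        if (!reexec) report(p[1]);          /* child keeps the master's layout */
        char num[16];
        snprintf(num, sizeof num, "%d", p[1]);
        setenv(REPORT_ENV, num, 1);         /* pipe fd survives exec (no CLOEXEC) */
        execl("/proc/self/exe", "reexec-demo", (char *)NULL);
        _exit(127);                         /* exec failed */
    }
    close(p[1]);
    if (read(p[0], &addr, sizeof addr) != (ssize_t)sizeof addr) addr = 0;
    close(p[0]);
    waitpid(pid, NULL, 0);
    return addr;
}

int main(void) {
    printf("fork only: %#lx %#lx\n", (unsigned long)handler_addr(0), (unsigned long)handler_addr(0));
    printf("re-exec  : %#lx %#lx\n", (unsigned long)handler_addr(1), (unsigned long)handler_addr(1));
}
```

The fork-only pair is always identical, because every child is a copy of the master's address space; the re-exec pair differs only when the system actually randomises at exec time (ASLR enabled).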

