relayd SSL/TLS keep RSA private keys in separate process

2014-04-09 Thread Reyk Floeter
Hi, relayd uses privsep to mitigate the risk of potential attacks. OpenSSL's SSL code wasn't designed with privsep in mind. We already have a hack to load the keys and certificates in the parent process and to send them via imsg to the chroot'ed relays; OpenSSL normally wants to load them from
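The pattern Reyk describes, a worker that never holds the private key and instead asks a separate process to perform the private-key operation over an IPC channel, as an added example that is not relayd's code. It assumes a textbook RSA key with constructed tiny parameters (p = 61, q = 53, so n = 3233) in place of a real PEM key, a `socketpair()` with a made-up opcode/operand wire format in place of OpenBSD's imsg, and `os.fork()` in place of relayd's chroot'ed relay processes. The key process only ever returns the result of using d; it never sends d itself, and it refuses unknown opcodes and out-of-range operands so a compromised worker gets at most a signing oracle.

```python
import os
import socket
import struct

# Constructed toy RSA key (p = 61, q = 53).  Insecure by design; it exists only to keep
# the example self-contained.  A real key process would load a PEM file here instead.
TOY_N = 3233
TOY_E = 17
_TOY_D = 2753          # private exponent: handed out only by load_private_key()

OP_QUIT, OP_SIGN, OP_SIG, OP_ERR = 0, 1, 2, 255
MSG = struct.Struct("!BI")   # constructed wire format: 1-byte opcode, 32-bit operand


def load_private_key():
    """Stands in for reading the key file.  Called only inside the key process; the
    worker's code path never touches it (in relayd the chroot'ed relay simply has no
    key file to read)."""
    return _TOY_D


def _recv_msg(sock):
    """Read exactly one MSG record, or None on EOF."""
    buf = b""
    while len(buf) < MSG.size:
        chunk = sock.recv(MSG.size - len(buf))
        if not chunk:
            return None
        buf += chunk
    return MSG.unpack(buf)


def key_process(sock):
    """Serve private-key operations until QUIT/EOF.  Only results leave this process."""
    d = load_private_key()
    while True:
        msg = _recv_msg(sock)
        if msg is None or msg[0] == OP_QUIT:
            return
        op, m = msg
        if op == OP_SIGN and 0 < m < TOY_N:
            sock.sendall(MSG.pack(OP_SIG, pow(m, d, TOY_N)))   # raw RSA "signature"
        else:
            sock.sendall(MSG.pack(OP_ERR, 0))  # unknown opcode or operand out of range


def worker_sign(sock, m):
    """Worker side: request a signature over m; None if the key process refused."""
    sock.sendall(MSG.pack(OP_SIGN, m))
    reply = _recv_msg(sock)
    if reply is None or reply[0] != OP_SIG:
        return None
    return reply[1]


def verify(sig, m):
    """Anyone with the public key can check the brokered signature."""
    return pow(sig, TOY_E, TOY_N) == m


def run_demo(messages):
    """Fork a key process, drive it from the worker, return {m: signature or None}."""
    key_end, worker_end = socket.socketpair()
    pid = os.fork()
    if pid == 0:                       # child: the key-holding process
        worker_end.close()
        try:
            key_process(key_end)
        finally:
            os._exit(0)
    key_end.close()                    # parent: the worker, which never loads d
    results = {m: worker_sign(worker_end, m) for m in messages}
    worker_end.sendall(MSG.pack(OP_QUIT, 0))
    worker_end.close()
    os.waitpid(pid, 0)
    return results


if __name__ == "__main__":
    for m, s in run_demo([65, 1234, 5000]).items():
        print(m, s, None if s is None else verify(s, m))
```

Real relayd plugs this brokering in beneath OpenSSL via a custom RSA method so the TLS handshake code is unaware of it; the signing request here is raw modular exponentiation with no PKCS#1 padding, and the 32-bit operand is a stand-in for a real digest, so treat the wire format and key as illustration only.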

Re: OpenSSH hole, April 9

2014-04-09 Thread Devin Reade
Quoting Theo de Raadt dera...@cvs.openbsd.org: If tomorrow Damien or I had to announce a major OpenSSH hole, how screwed would the Internet be? Would you mind clarifying this a bit? Was the post strictly a (justified) comment about the lack of funding, or should we be anticipating another

Re: OpenSSH hole, April 9

2014-04-09 Thread Bob Beck
On Wed, Apr 09, 2014 at 02:49:21PM -0600, Devin Reade wrote: Quoting Theo de Raadt dera...@cvs.openbsd.org: If tomorrow Damien or I had to announce a major OpenSSH hole, how screwed would the Internet be? Would you mind clarifying this a bit? Was the post strictly a (justified) comment

Re: OpenSSH hole, April 9

2014-04-09 Thread Devin Reade
Thanks for the clarification. I would also like to thank whomever for the extra descriptive text on the openssl patch issued the other day. Having the clarification on the (non)impact on OpenSSH right in the patch was good ... Devin

Re: OpenSSH hole, April 9

2014-04-09 Thread STeve Andre'
On 04/09/14 16:49, Devin Reade wrote: Quoting Theo de Raadt dera...@cvs.openbsd.org: If tomorrow Damien or I had to announce a major OpenSSH hole, how screwed would the Internet be? Would you mind clarifying this a bit? Was the post strictly a (justified) comment about the lack of funding,

Re: OpenSSH hole, April 9

2014-04-09 Thread Theo de Raadt
Thanks for the clarification. I would also like to thank whomever for the extra descriptive text on the openssl patch issued the other day. Having the clarification on the (non)impact on OpenSSH right in the patch was good ... You are welcome. Stuart Henderson wrote the draft, but he forgot