Menu
▾
▴
[Sshguard-maintainers] recommendations: version and setuid
|
From: Mij <mi...@bi...> - 2007-03-15 01:22:17
|
dear maintainers, First of all, I would recommend anyone to use v. 0.91 for packaging, not 0.9. I am aware v. 0.9 has been "default download" up to recently; I just forgot to update the download page which is not automatic w/ new releases. Besides this, I am aware of an article at linux.com about sshguard http://www.linux.com/article.pl?sid=07/02/27/1957242 this also suggest to use v. 0.9 whereas 0.91 was already available at the time of writing. But there is another, major mistake in this article, because it suggests to make sshguard setuid. Besides the deep pointlessness of this, it opens a serious security threat, as any user can craft a couple of plaintext lines and give them to sshguard to block any IP address it likes. |