FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
Jacques A. Vidrine
nectar at FreeBSD.org
Mon Aug 4 15:20:25 PDT 2003
On Tue, Aug 05, 2003 at 12:10:14AM +0200, Troels Holm wrote:
> Jacques A. Vidrine wrote:
> > The realpath.c that is distributed with OpenSSH-portable and found in
> > our CVS tree as /usr/src/crypto/openssh/openbsd-compat/realpath.c is
> > not used.
>
> Just for the record :=)
> What u say is that the advisory is in error and my "sftp-server" is _not_
> affected? Or are you just saying that sftp isnt using the realpath.c from
> OpenSSH?
The latter.
sftp-server *is* affected, just as it says in the advisory.
But OpenSSH as bundled with FreeBSD uses realpath(3) from libc,
not from src/crypto/openssh/openbsd-compat/realpath.c, and so (in
answer to the question by a previous poster) that file does not need
patching.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list