FreeBSD Security Advisory FreeBSD-SA-03:08.realpath

Jacques A. Vidrine nectar at
Mon Aug 4 15:20:25 PDT 2003

On Tue, Aug 05, 2003 at 12:10:14AM +0200, Troels Holm wrote:
> Jacques A. Vidrine wrote:
> > The realpath.c that is distributed with OpenSSH-portable and found in
> > our CVS tree as /usr/src/crypto/openssh/openbsd-compat/realpath.c is
> > not used.
> Just for the record :=)
> What u say is that the advisory is in error and my "sftp-server" is _not_
> affected?  Or are you just saying that sftp isnt using the realpath.c from
> OpenSSH?

The latter.

sftp-server *is* affected, just as it says in the advisory.

But OpenSSH as bundled with FreeBSD uses realpath(3) from libc,
not from src/crypto/openssh/openbsd-compat/realpath.c, and so (in
answer to the question by a previous poster) that file does not need

Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar at . jvidrine at . nectar at . nectar at

More information about the freebsd-security mailing list