OpenSSL Security Advisory [11 Jun 2015]

Carmel NY carmel_ny at outlook.com
Sat Jun 13 15:01:22 UTC 2015


On Sat, 13 Jun 2015 14:48:04 +0200, Michelle Sullivan stated:

>Carmel NY wrote:
>> On Sat, 13 Jun 2015 12:36:44 +0100, Matt Smith stated:
>>
>>   
>>> The other alternatives are as you say, put /usr/local/bin before 
>>> /usr/bin in the $PATH. Or add an alias for commands like ssh to point to 
>>> the ports version. These methods aren't quite as clean though.
>>>     
>>
>> Swapping the PATH can, in a few instances, really mess up attempting to
>> build a port. I finally gave up and used the "alias" idea for openssl. It
>> appears to work Okay.
>>
>>   
>From a security aspect...
>
>Do all your users alias?  (assumption: it's more than just you on the system)
>Do you check the alias is set every time you login to a session?
>If you change to another shell for any reason is the alias persistent?
>(eg as root (defaults to csh) sometimes I have to do: sh -c 'for a in x
>y z ; do ( cd ${a} && rsync -e ssh remote.server:/path ) ; done' ) - and
>do other users know that this would be wrong?
>
>See the point I mean?
>
>For the security conscious one would know to use the full path of ssh,
>most do not do this... a large percentage have no idea that they would
>even need to let alone remember.
>
>Regards,
>
>Michelle
>
>PS: There is a workaround for ssh clients in /etc/ssh/ssh_config to stop
>it falling back to "insecure" protocols - though every freebsd-update
>attempts to change this file back to the default... fortunately I have
>puppet to reset the file in the event of me missing the update/reset.

alias openssl='/usr/local/bin/openssl'

I use bash as my shell.  I have this set in the ~/.bashrc file:

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
else
    : ## an empty else branch is a syntax error, so keep a no-op here
fi

The ~/.bashrc file contains all of my predefined aliases.

$ openssl version
OpenSSL 1.0.2c 12 Jun 2015

# openssl version
OpenSSL 1.0.2c 12 Jun 2015

$ sudo openssl version
OpenSSL 1.0.1l-freebsd 15 Jan 2015

I probably should find a way to fix the "sudo" command; however, since I
rarely use it, I don't know if I will bother.

For all practical purposes, I am the only user of the system.

-- 
Carmel
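
Added example, not part of the original message: a sandboxed check of which openssl each execution context reaches. An alias lives only in the shell that defined it, so a child sh -c falls back to the PATH search, as the sudo output above does. The sandbox directory, the stub binaries and all function names are constructed for this illustration.

```shell
#!/bin/sh
# Constructed sandbox: two stub "openssl" scripts stand in for the base and
# ports binaries. Nothing here touches the real /usr/bin or /usr/local/bin.
make_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    mkdir -p "$SANDBOX/usr/bin" "$SANDBOX/usr/local/bin"
    # The stubs print the two version strings quoted in the message above.
    printf '#!/bin/sh\necho "OpenSSL 1.0.1l-freebsd 15 Jan 2015"\n' > "$SANDBOX/usr/bin/openssl"
    printf '#!/bin/sh\necho "OpenSSL 1.0.2c 12 Jun 2015"\n' > "$SANDBOX/usr/local/bin/openssl"
    chmod +x "$SANDBOX/usr/bin/openssl" "$SANDBOX/usr/local/bin/openssl"
    # Base directory first: the search order the alias was meant to work around.
    SANDBOX_PATH="$SANDBOX/usr/bin:$SANDBOX/usr/local/bin:$PATH"
}

# Context 1: the shell in which the alias was defined.
run_with_alias() (
    shopt -s expand_aliases 2>/dev/null || true   # bash only; plain sh expands already
    PATH=$SANDBOX_PATH
    alias openssl="'$SANDBOX/usr/local/bin/openssl'"
    eval 'openssl version'    # eval re-parses now, which is when aliases expand
)

# Context 2: a child shell, like the quoted sh -c '... rsync -e ssh ...' loop.
run_in_child_shell() {
    PATH=$SANDBOX_PATH sh -c 'openssl version'
}

# Context 3: the full path, independent of aliases and of search order.
run_full_path() {
    "$SANDBOX/usr/local/bin/openssl" version
}

# Report every context; return non-zero if any of them reaches the base stub.
audit_contexts() {
    want='OpenSSL 1.0.2c 12 Jun 2015'; rc=0
    for ctx in run_with_alias run_in_child_shell run_full_path; do
        got=$($ctx)
        if [ "$got" = "$want" ]; then echo "ok   $ctx: $got"
        else echo "FAIL $ctx: $got"; rc=1; fi
    done
    return $rc
}

make_sandbox && { audit_contexts || echo "at least one context still runs the base binary"; }
rm -rf "$SANDBOX"
```

Only the child-shell context reports FAIL: the alias and the full path both reach the ports stub, while sh -c resolves through PATH and gets the base one.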

