Re: OpenSSH 8.7p1 update for the base system

Reply: Ed Maste : "Re: OpenSSH 8.7p1 update for the base system"
In reply to: Ed Maste : "OpenSSH 8.7p1 update for the base system"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Benjamin Kaduk <kaduk_at_mit.edu>
Date: Sun, 05 Sep 2021 04:04:07 UTC

Hi Ed,

I'm not sure whether this would be something for the release notes or not,
but I believe that making privilege separation mandatory causes GSSAPI
credential delegation to essentially not work.  (There are several pieces
that interact to make this happen, and I don't expect you to do any work to
try to fix it; this would just be a question of whether any documentation
of the change should occur.)

-Ben

On Sat, Sep 04, 2021 at 11:59:06AM -0400, Ed Maste wrote:
> I'm preparing to update OpenSSH in the FreeBSD base system to 8.7p1,
> and am sharing an initial patch for testing.
> 
> The update is available from a branch in my github repo:
> https://github.com/emaste/freebsd/tree/openssh-8.7p1-wip
> (commit 0afe07936bbd37a1b91ead95f580c47ccc16df79)
> 
> Also as a diff against main:
> https://people.freebsd.org/~emaste/openssh/FreeBSD-base-openssh-8.7p1-20210904-114623.diff
> 
> In addition I have a review open in Phabricator, although it is quite
> awkward to usefully review a vendor update presented like this.
> https://reviews.freebsd.org/D29985
> 
> If you give it a try please let me know what you've tested out.
>