Bugtraq mailing list archives
Re: Kerberos security vulnerability in SSH-1.2.27
From: anne () SSH COM (anne () SSH COM)
Date: Fri, 7 Jul 2000 13:49:00 -0700
On Wed, Jul 05, 2000 at 03:34:30PM -0700, Kris Kennaway wrote:
I just noticed this myself - FreeBSD is considering dropping both ssh and ssh2 from ports now that we have OpenSSH. The message I'm getting here is that ssh.com don't want people using their code unless they pay license fees. Perhaps the ssh.com folks can confirm their intentions with the software as it relates to non-commercial use and inclusion in the open-source operating systems.
Not for non-commercial use. For non-commercial use, we have no problems with you running Secure Shell.
If you read the new license, it doesn't even give permission to *read* the code, let alone patch it, even for portability or bug fixes: "You may not: ... (ii) modify, translate, reverse engineer, decompile, disassemble or otherwise attempt to reconstruct or discover the source code of the Software (except to the extent applicable laws specifically prohibit such restriction);..."
Actually, this shouldn't be the case at all. If our licensing is too restrictive for even patching the code, we need to resolve that. Please get back to me and let me know. Part of what makes Secure Shell nice to use is the fact that people do write patches for it (I even maintain a website for ssh patches, both SSH1 and SSH2).

-Anne
-------------------------------------------------------------------------
Anne Carasik                      | Economists state their GNP growth
Principal Consultant              | projections to the nearest tenth of
SSH Communications Security, Inc. | a percentage point to prove they have
Email: anne () ssh com            | a sense of humor. -Edgar R. Fiedler
-------------------------------------------------------------------------
Unless stated otherwise above, the opinions expressed herein are my own,
not of my employer.