Full Disclosure mailing list archives

Re: No Subject (re: openssh exploit code?)


From: Richard Massa <rmassa () unixboxen net>
Date: Tue, 21 Oct 2003 14:09:10 -0700

So I know of a way to patch openssh without "taking the server down", but that 
would improve efficiency and generally be useful knowledge to the security
community so I'm not going to tell anyone about it on this full disclosure
mailing list, I'd rather just flaunt my knowledge and gloat secretly how I've 
got everyone all huffed up about it...  If YOU don't know how to do it,
obviously YOU shouldn't be running openssh, because you are an idiot.

Oh wait, my name isn't Mitch...

Okay, I realize I'm picking nits here, but everyone is talking about "taking
their systems down" to patch openssh.  I realize you guys are talking in a more
general sense, but you don't have to take sshd down (and sever all connected
clients) to patch it.  Simply install the new version by whatever method you
use and kill and restart the master sshd process.  Easily scriptable, no
downtime required, doesn't kick anyone off, including that professor who's had
his model running for 20 days remotely via ssh...


-- 
"Sonny Bono Copyright Term Extension Act... The meaning is: No one can do to
the Disney Corporation what Walt Disney did to the Brothers Grimm."
    -Lawrence Lessig

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
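
The restart described in the message above, sketched as an added example that is not part of the original post: it checks the new configuration, confirms the pid file points at the listening sshd rather than a session process, restarts only that process, and verifies the existing sessions survived. The binary path, pid file location, procps-style `ps` output and an sshd that is started directly rather than by a service supervisor are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults below are assumptions.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"
PIDFILE="${PIDFILE:-/var/run/sshd.pid}"

# Both helpers read `ps -eo pid=,ppid=,args=` output on stdin.

# Print $1 only if that PID really is the listening sshd, not a session.
# Newer OpenSSH retitles the listener as "sshd: /path/to/sshd ... [listener]".
confirm_master() {
    awk -v pid="$1" -v bin="$SSHD_BIN" '
        $1 == pid && ($3 == bin || ($3 == "sshd:" && $4 == bin)) { print $1; ok = 1 }
        END { exit !ok }'
}

# Print the per-connection sshd processes forked by master PID $1.
session_pids() {
    awk -v m="$1" '$2 == m && $3 == "sshd:" { print $1 }'
}

restart_master() {
    # Refuse to restart if the installed config does not parse.
    "$SSHD_BIN" -t || { echo "config check failed, not restarting" >&2; return 1; }
    snap=$(ps -eo pid=,ppid=,args=)
    master=$(printf '%s\n' "$snap" | confirm_master "$(cat "$PIDFILE")") || {
        echo "pid file does not point at the master sshd" >&2; return 1; }
    sessions=$(printf '%s\n' "$snap" | session_pids "$master")
    kill "$master"                          # SIGTERM: only the listener exits
    while kill -0 "$master" 2>/dev/null; do sleep 1; done
    "$SSHD_BIN" || return 1                 # upgraded binary takes over the port
    for p in $sessions; do                  # confirm nobody was kicked off
        kill -0 "$p" 2>/dev/null || echo "session sshd $p exited during restart" >&2
    done
}

# Only act when asked to, so the helpers can be sourced and tested safely.
if [ "${1:-}" = "--restart" ]; then restart_master; fi
```

Sessions that were already connected keep running the old binary until they disconnect, so only new connections get the patched code.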

