[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: Debian openssh option review: considering splitting out GSS-API key exchange
From:       Marc Haber <mh+debian-devel () zugschlus ! de>
Date:       2024-04-02 11:30:43
Message-ID: E1rrcLj-00000000PhY-0uI1 () swivel
[Download RAW message or body]

On Tue, 2 Apr 2024 01:30:10 +0100, Colin Watson <cjwatson@debian.org>
wrote:
>We carry a patch to restore support for TCP wrappers, which was dropped
>in OpenSSH 6.7 (October 2014); see
>https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
>and thread.  That wasn't long before the Debian 8 (jessie) freeze, and
>so I patched it back in "temporarily", but then I dropped the ball on
>organizing a proper transition. 

Please don't drop the mechanism that saved my ¹ unstable installations
from being vulnerable to the current xz-based attack. Just having to
dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
maintain a packet filter.

Greetings
Marc

 ¹ and probably thousands others
-- 
----------------------------------------------------------------------------
Marc Haber         |   " Questions are the         | Mailadresse im Header
Rhein-Neckar, DE   |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

[prev in list] [next in list] [prev in thread] [next in thread]