SSL and SSH

[Brian Densmore]

Static linking is generally a very bad thing. Think about all those
applications out there that are static linked to zlib 1.1.3. They all
now have to be recompiled with zlib 1.1.4 to fix the "double free" root
exploit. Anyone figured out how to use it yet? Please don't post it, if
you have. I am just wondering. I haven't figured out a way to exploit
from an external machine. I could write a program to do it, but then the
problem is to get it on to a box and then execute it. I'm not sure how
you would do it without putting your own trojan on the box first. So you
would have to have an exploit to exploit the exploit!? That new PHP
exploit actually sounds rather bad though.

Brian

> -----Original Message-----
> From: JD Runyan [mailto:Jason.Runyan at nitckc.usda.gov]
> Sent: Thursday, March 21, 2002 11:41 AM
> To: KCLUG (E-mail)
> Subject: Re: SSL and SSH
> 
> 
> You can compile it with static linking of the ssl libraries, 
> but I think you
> would have to use another machine to generate keys.
> On Mar 21 11:13, Brian Densmore wrote:
> > ssh depends on ssl. Can't install ssh if you don't have 
> ssl. At least
> > none of the versions I have ever seen let you. I'd be interested in
> > knowing of anyone who has installed ssh without ssl. Not that I
> > recommend it.
> > 
> > > -----Original Message-----
> > > From: Jonathan Hutchins [mailto:hutchins at opus1.com]
> > > Sent: Thursday, March 21, 2002 11:08 AM
> > > To: Brian Densmore; KCLUG (E-mail)
> > > Subject: Re: Permissions Question
> > > 
> > > 
> > > ----- Original Message ----- 
> > > From: "Brian Densmore" <DensmoreB at ctbsonline.com>
> > > 
> > > 
> > > > Install openssl and openssh. 
> > > 
> > > You explain what Seth will be doing with SSH, but why does he 
> > > need ssl too?
> > > 
> > > 
> > 
> > 
> majordomo at kclug.org
> 
> -- 
> JD Runyan
> Mid-Range Systems Administrator
> USDA NITC Kansas City
> 
> 
> majordomo at kclug.org
>