[Twisted-Python] Developer Security Notice

Glyph Lefkowitz glyph at twistedmatrix.com
Tue Jun 25 07:26:16 MDT 2002


Due to a potentially major security hazard, ssh has been shut down on
twistedmatrix.com until further notice.  There has been a discovery of a remote
root exploit, but Theo de Raadt has mysteriously refrained from actually
providing evidence of this exploit or a patch to fix it.  There is currently a
half-solution to the exploit, but it requires breaking substantial amounts of
functionality, and creating other administrative problems.  Surprisingly
(Theo's great, ain't he?) the workaround only works correctly on OpenBSD.
Additionally, from what I understand, this does not prevent gaining access,
only escalating privileges to root level.

More information is here:

     http://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00046.html

Until some more information arrives about this, please use anonymous pserver
access for check-outs from CVS, and mail me patches if you have anything you
really want to get committed.  (PGP signed, please.)  I am currently working on
a shell client and server for Twisted that we can use to work around problems
with CVS. (Working title: TRASH, the Twisted Remote Access SHell).

If you require shell access to Zaibach, I have installed telnetd-ssl. (Debian
users: apt-get install telnet-ssl; this will replace your existing 'telnet'
binary).

-- 
 |    <`'>    |  Glyph Lefkowitz: Traveling Sorcerer   |
 |   < _/ >   |  Lead Developer,  the Twisted project  |
 |  < ___/ >  |      http://www.twistedmatrix.com      |