Mailing List Archive

http://bugzilla.mindrot.org/show_bug.cgi?id=868

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX



------- Additional Comments From djm@mindrot.org 2004-05-17 23:35 -------
I don't think so - these are a Linuxism with would require addition of a bit of
complexity. Besides, I don't think it is a good idea to advertise one's kernel
version and machine architecture to a potential attacker.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From floeff@arcor.de 2004-05-17 23:45 -------
It would be very practical to show some important information to SSH users.
/etc/issue.net can contain some other stuff than kernel information as well :)

At least please provide an OpenSSH-unique format for displaying this
information, e.g. with $kernelver, $architecture, etc. in the OpenSSH banner file.

Regarding the disclosure of information to remote users: Please also have a look
at bug 764



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From djm@mindrot.org 2004-05-18 00:14 -------
If you read bug #764, you will see that it is information disclosure that is
required for compatibility. We would probably like to get rid of it one day, but
not until the protocol is published as an RFC and not before we are willing to
give up compatibility with pre-RFC versions.

Back to this bug: I don't see any benefit in adding complexity to sshd to allow
users to disclose more information. If you really want to make this information
public, why not autogenerate issue.net at boot time? (OpenBSD does just this
with /etc/motd)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From jason@devrandom.org 2004-05-18 02:44 -------
Also, keep in mind that Linux itself has three different "standard" getty
applications - mingetty, mgetty and agetty. All three take different escape
sequences for /etc/issue*. And all of the escape sequences contain info that's
pretty easily gleaned from perl or another scripting language of choice to
generate at boot or at intervals.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From floeff@arcor.de 2004-05-18 02:54 -------
Ok, acknowledged ;)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.