Mail Archives: cygwin/2006/03/28/10:32:24
On Tue, 28 Mar 2006, Corinna Vinschen wrote:
> On Mar 28 09:57, Igor Peshansky wrote:
> > All of the above will probably need to be suggested to the OpenSSH team
> > (preferably in the form of patches). Volunteers welcome (nudge-nudge,
> > wink-wink, Steve). :-)
>
> You don't seriously believe that stuff like that hasn't been already
> suggested a couple of times, do you? Read again what I said about
> the developers stance on security vs. performance and what I said about
> the HSN patch.
I did read it. The HSN patch is *much* more drastic than what I was
proposing. Maybe I'm dense, but I don't see any impact on security from
changing the buffer size (as long as buffer overflows are properly
addressed). After all, that buffer is used to store *encrypted* data,
right?
Well, one way to find out is to post an actual patch to the openssh list
and get flamed... :-) Perhaps one of these days I'll get a round tuit.
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu | igor AT watson DOT ibm DOT com
ZZZzz /,`.-'`' -. ;-;;,_ Igor Peshansky, Ph.D. (name changed!)
|,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -