[Developers] New version with security fix (token implementation)

Eric Warnke ericew at gmail.com
Wed Aug 22 17:45:22 CEST 2007 

No, tunnel runnel will take a few weeks and I'm heading off for
vacation on Saturday as well ( 2 weeks ).

I recommend pulling the suid root bit and explaining in the release
notes how to re-enable the bits ( for the time being ).

I will merge down a subset of changes from my branch, build, and test
and then commit back up in a few hours.  Unfortunatly the changes
touched many of the same files so it's going to be fun merging them.

-Eric

On 8/22/07, Bart Matthaei <bart at sshkeychain.org> wrote:
> By all means, but I was planning on making a security release BEFORE
> my holiday (which starts next saturday),
> so do you think we have enough time to test your fixes too?
>
> Is the TunnelRunner fix in there too?
>
> B.
>
> On 22-aug-2007, at 17:27, Eric Warnke wrote:
>
> > Bart,
> >
> > Do you mind if pull over a handful of fixes from my branch if you are
> > doing a release?  Specifically the screensaver, keychain handling
> > updates, and the key timeout threading fixes?  I think my new
> > ssh-agent code needs a little more time to bake.
> >
> > -Eric
> >
> >
> > On 8/22/07, Bart Matthaei <bart at ambrero.nl> wrote:
> >> p.s. token creation is done in a fairly easy fasion (reading 99 bytes
> >> from /dev/urandom
> >> and converting them to ascii characters between 33 and 126 so getenv
> >> () / setenv() doesn't screw up).
> >>
> >> feel free to enhance it, but imho it should be sufficient the way
> >> it is.
> >>
> >> On 22-aug-2007, at 17:03, Bart Matthaei wrote:
> >>
> >>> Hi guys,
> >>>
> >>> i've committed my latest code. It includes a TokenController which
> >>> handles creation and validation of tokens.
> >>>
> >>> Attached is a build. If all works well we can send it out to users@
> >>> tomorrow and ask them to test it.
> >>>
> >>> Cheers,
> >>>
> >>> Bart
> >>> <SSHKeychain.zip>
> >>>
> >>>
> >>> --
> >>> Bart Matthaei                                       bart at ambrero.nl
> >>>
> >>> Ambrero Software
> >>> http://www.ambrero.nl/
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> developers mailing list
> >>> developers at sshkeychain.org
> >>> http://www.sshkeychain.org/cgi-bin/mailman/listinfo/developers
> >>
> >> --
> >> Bart Matthaei                                       bart at ambrero.nl
> >>
> >> Ambrero Software
> >> http://www.ambrero.nl/
> >>
> >>
> >>
> >> _______________________________________________
> >> developers mailing list
> >> developers at sshkeychain.org
> >> http://www.sshkeychain.org/cgi-bin/mailman/listinfo/developers
> >>
> > _______________________________________________
> > developers mailing list
> > developers at sshkeychain.org
> > http://www.sshkeychain.org/cgi-bin/mailman/listinfo/developers
> >
>
> --
> Bart Matthaei                                       bart at ambrero.nl
>
> Ambrero Software
> http://www.ambrero.nl/
>
>
>
> _______________________________________________
> developers mailing list
> developers at sshkeychain.org
> http://www.sshkeychain.org/cgi-bin/mailman/listinfo/developers
>

More information about the developers mailing list