On Sat, Mar 03, 2007 at 08:46:28PM -0800, Steve Langasek wrote:
> The description of this bug in the upstream changelog is:
> 
> - Security: dbclient previously would prompt to confirm a 
>   mismatching hostkey but wouldn't warn loudly. It will now
>   exit upon a mismatch.
> 
> Why should "it didn't warn loudly" be a grave security bug?  Isn't any sort
> of prompt already a pretty loud warning in terms of user experience?  Did
> the prompt fail to mention that there was a key mismatch somehow?

It doesn't report the key mismatch; the prompt is the same for an
unknown host and a mismatched host.

Unknown host:
$ dbclient localhost

Host 'localhost' is not in the trusted hosts file.
(fingerprint md5 95:9e:e8:cc:05:51:77:de:69:5d:2d:39:cf:c7:a1:75)
Do you want to continue connecting? (y/n)

After adding and altering the key in ~/.ssh/known_hosts, mismatched host:
$ dbclient localhost

Host 'localhost' is not in the trusted hosts file.
(fingerprint md5 95:9e:e8:cc:05:51:77:de:69:5d:2d:39:cf:c7:a1:75)
Do you want to continue connecting? (y/n)

This is definitely wrong information.

I would like to see this fixed in etch (and sarge), and now realize that
uploading the new upstream version wasn't the right thing.  Do you agree
with an upload of 0.48.1-2 with a fix to this bug only to t-p-u?

Thanks, Gerrit.
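
The distinction discussed in this message, as an added example that is not part of the original mail and is not Dropbear's code: a known_hosts-style lookup that reports a mismatched key separately from an unknown host. The function names, the simplified line format (no hashed host names or markers) and the sample entry are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Three distinct outcomes; the prompt quoted above collapsed the last two. */
enum hostkey_status { HOSTKEY_MATCH, HOSTKEY_UNKNOWN, HOSTKEY_MISMATCH };
/* Next whitespace-delimited token on the current line (never crosses '\n'). */
static const char *next_tok(const char *p, size_t *n) {
    p += strspn(p, " \t");
    *n = strcspn(p, " \t\n");
    return p;
}
static int tok_eq(const char *p, size_t n, const char *s) {
    return strlen(s) == n && strncmp(p, s, n) == 0;
}
/* Is host one of the comma-separated names in the first field? */
static int host_in_list(const char *list, size_t len, const char *host) {
    for (size_t n; len; list += n, len -= n) {
        for (n = 0; n < len && list[n] != ','; n++) {}
        if (tok_eq(list, n, host)) return 1;
        n += (n < len);  /* step over the comma */
    }
    return 0;
}
/* Scan "hosts keytype base64key [comment]" lines. Simplified: hashed host
 * names and @markers are not handled; only entries of the same key type count. */
enum hostkey_status check_hostkey(const char *text, const char *host,
                                  const char *keytype, const char *key_b64) {
    enum hostkey_status st = HOSTKEY_UNKNOWN;
    while (*text) {
        size_t hn, tn, kn;
        const char *h = next_tok(text, &hn);
        const char *t = next_tok(h + hn, &tn);
        const char *k = next_tok(t + tn, &kn);
        text += strcspn(text, "\n");
        text += (*text == '\n');
        if (*h == '#' || kn == 0) continue;  /* comment, blank or short line */
        if (!host_in_list(h, hn, host) || !tok_eq(t, tn, keytype)) continue;
        if (tok_eq(k, kn, key_b64)) return HOSTKEY_MATCH;
        st = HOSTKEY_MISMATCH;  /* host is listed, but with a different key */
    }
    return st;
}
/* Constructed sample; the key strings are placeholders, not real keys. */
static const char SAMPLE[] = "# constructed example\n"
                             "localhost,127.0.0.1 ssh-rsa AAAAconstructedKeyOne\n";
int main(void) {
    static const char *msg[] = { "verified", "unknown host", "KEY MISMATCH" };
    puts(msg[check_hostkey(SAMPLE, "localhost", "ssh-rsa", "AAAAconstructedKeyTwo")]);
    return 0;
}
```

A caller can prompt on HOSTKEY_UNKNOWN and exit on HOSTKEY_MISMATCH, which is the behaviour the upstream changelog entry describes.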

