Vulnerability Development mailing list archives

Re: OpenSSH Vulns (new?) Priv separation


From: "Michael Greenberg" <greenberg () nji com>
Date: Thu, 27 Jun 2002 15:08:57 -0400

"However, with privileges separation turned on, you are 
immune from at least one remote hole."
At least one? Jesus, how many are there? Any information
would be appreciated....
-wire

I think he means to imply that with UsePrivilegeSeparation, you'll be
immune to unknown bugs in the nearly twenty-five thousand lines of
non-root code.

I would liken this to Apache, running as 'nobody' or a separate user, 
as compared with IIS, running as 'System'.  It's a Good Thing.

Michael.

