Dailydave mailing list archives

Re: PrivSep

From: Damien Miller <djm () mindrot org>
Date: Thu, 21 Jun 2007 09:50:30 +1000 (EST)

On Wed, 20 Jun 2007, Sebastian Krahmer wrote:


Honestly, if someone owns your PrivSep'ed sshd remotely; with all the
kernel exploits once in a while; will this really protect you?


No, and Niels' original privsep paper made this quite clear. It does
reduce the risk a little: an attacker who has gained control over the
unprivileged process sees a smaller system attack surface than one 
who can open random /dev nodes, exec() setuid binaries, etc.

It rather adds a complexity which leads to comments such as
'Fix a bug in the sshd privilege separation monitor that weakened its 
verification of successful authentication. ...' in the ChangeLog.


Actually, it was item #1 on openssh-4.5's release notes and clearly
marked as a security bug - not buried in a Changelog.

-d
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

PrivSep Sebastian Krahmer (Jun 19)
- Re: PrivSep Darren Spruell (Jun 20)
  - Re: PrivSep Sebastian Krahmer (Jun 20)
    - Re: PrivSep Damien Miller (Jun 20)