Dailydave mailing list archives
Re: PrivSep
From: Damien Miller <djm () mindrot org>
Date: Thu, 21 Jun 2007 09:50:30 +1000 (EST)
On Wed, 20 Jun 2007, Sebastian Krahmer wrote:
Honestly, if someone owns your PrivSep'ed sshd remotely; with all the kernel exploits once in a while; will this really protect you?
No, and Niels' original privsep paper made this quite clear. It does reduce the risk a little: an attacker who has gained control over the unprivileged process sees a smaller system attack surface than one who can open random /dev nodes, exec() setuid binaries, etc.
It rather adds a complexity which leads to comments such as 'Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. ...' in the ChangeLog.
Actually, it was item #1 on openssh-4.5's release notes and clearly marked as a security bug - not buried in a Changelog. -d _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- PrivSep Sebastian Krahmer (Jun 19)
- Re: PrivSep Darren Spruell (Jun 20)
- Re: PrivSep Sebastian Krahmer (Jun 20)
- Re: PrivSep Damien Miller (Jun 20)
- Re: PrivSep Sebastian Krahmer (Jun 20)
- Re: PrivSep Darren Spruell (Jun 20)