Vulnerability Development mailing list archives
RE: OpenSSH Vulns (new?) Priv seperation
From: Peter Mueller <pmueller () sidestep com>
Date: Wed, 26 Jun 2002 12:56:32 -0700
"However, with privileges separation turned on, you are immune from at least one remote hole." at least one? Jesus how many are there? any information would be appreciated.... -wire
" Basically, OpenSSH sshd(8) is something like 27000 lines of code. A lot of that runs as root. But when UsePrivilegeSeparation is enabled, the daemon splits into two parts. A part containing about 2500 lines of code remains as root, and the rest of the code is shoved into a chroot-jail without any privs. This makes the daemon less vulnerable to attack. " reducing root-run code from 27000 to 2500 lines is the important part. who cares how many holes there are when it is in /var/empty/sshd chroot with no possibility of root :) Peter PS - agreed that his choice of wording is "interesting"...
Current thread:
- OpenSSH Vulns (new?) Priv seperation wirepair (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Valdis . Kletnieks (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation John Madden (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Jose Nazario (Jun 26)
- Re: OpenSSH Vulns (new?) Priv seperation Michael Greenberg (Jun 28)
- <Possible follow-ups>
- RE: OpenSSH Vulns (new?) Priv seperation Peter Mueller (Jun 26)
- RE: OpenSSH Vulns (new?) Priv seperation Michal Zalewski (Jun 26)