Vulnerability Development mailing list archives
RE: OpenSSH Vulns (new?) Priv seperation
From: Peter Mueller <pmueller () limba sk>
Date: Thu, 03 Oct 2002 05:36:39 +0200 (MEST)
"However, with privileges separation turned on, you are immune from at least one remote hole." at least one? Jesus how many are there? any information would be appreciated.... -wire
" Basically, OpenSSH sshd(8) is something like 27000 lines of code. A lot of that runs as root. But when UsePrivilegeSeparation is enabled, the daemon splits into two parts. A part containing about 2500 lines of code remains as root, and the rest of the code is shoved into a chroot-jail without any privs. This makes the daemon less vulnerable to attack. " reducing root-run code from 27000 to 2500 lines is the important part. who cares how many holes there are when it is in /var/empty/sshd chroot with no possibility of root :) Peter PS - agreed that his choice of wording is "interesting"...
Current thread:
- RE: OpenSSH Vulns (new?) Priv seperation Peter Mueller (Oct 03)
- Re: OpenSSH Vulns (new?) Priv seperation Filipe Almeida (Oct 04)
- Re: OpenSSH Vulns (new?) Priv seperation Markus Friedl (Oct 08)
- Re: OpenSSH Vulns (new?) Priv seperation Filipe Almeida (Oct 04)