Re: Bug#189425: openssh: with default config, sshd fails on kernels other than Linux > 2.0

[neal@cs.uml.edu (Neal H. Walfield)]

> I don't understand why. Privilege separation just requires a separate
> user and group which is used for processing network data, the ability
> for sshd running as root to setuid(), setgid(), and setgroups() to that
> user and group, and an empty chroot. I didn't think GNU was so different
> that this would be unavailable; in fact, I would expect all of these
> features to be available on any Debian system. 

[snip]

> Could you please explain the problem on GNU in more detail?

There should be no reason (barring bugs) why privilege separation
should not work on a Hurd based system.  I believe the objection is
that there is a better method on GNU.  This method would involve an
enhanced password server and ssh dropping all privileges on startup.
Thus when it interacted with the user (e.g. negotiated the connection
and obtained the required data for authentication), it would be less
than the other user.  Once it had obtained the authentication data, it
would contact the password server to attempt to gain authorization.

Take a look at this slide [1] and the eight following it.  They
address ftp and not ssh, however, the same principle would be used.


[1] http://web.walfield.org/papers/hurd-conference-ccc-20011228/html/mgp00014.html