
Re: Bug#189425: openssh: with default config, sshd fails on kernels other than Linux > 2.0



On Thu, Apr 17, 2003 at 06:24:24PM +0200, Robert Millan wrote:
> Package: openssh
> Version: unavailable; reported 2003-04-17
> Severity: normal
> 
> As noted in the debconf template:
> 
>   NB! If you are running a 2.0 series Linux kernel, then privilege
>   separation will not work at all, and your sshd will fail to start
>   unless you explicitly turn privilege separation off.
> 
> I suggest that defaults are reverted for both when sshd_config needs
> to be generated in postinst and when sshd_config is taken from the
> packaged file, so that any kernel other than Linux later than 2.0
> gets a default config without privilege separation.

Now that we've gone to all the effort of introducing it, I do think that
the default should be to enable privilege separation; the cases where
it's a problem are exceptions (PAM is still a problem, but I think
that's going to be improved upstream soon). We could turn it off for
some specific known cases, though. If you could provide a reasonably
reliable way to identify them then that would be helpful.

However, if at all possible I'd prefer to fix privsep.

> On the non-linux ports: note that privilege separation is not supported
> on GNU, and will probably never be, since it has a different concept of
> user privileges.

I don't understand why. Privilege separation just requires a separate
user and group which is used for processing network data, the ability
for sshd running as root to setuid(), setgid(), and setgroups() to that
user and group, and an empty chroot. I didn't think GNU was so different
that this would be unavailable; in fact, I would expect all of these
features to be available on any Debian system. The reason why privilege
separation doesn't work on Linux 2.0 was originally due to the lack of
anonymous memory mapping, and now that that has been worked around it's
due to a simple bug (#150976).

Could you please explain the problem on GNU in more detail?

> I'm not sure about the *BSD ports.

Since privilege separation was developed on BSD, it seems highly likely
that the BSD ports will support it.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
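
The requirements listed in the reply above (a dedicated user and group, setuid()/setgid()/setgroups() from root, and an empty chroot), shown as an added C example; it is not part of the original message and is not OpenSSH's code. The function names, the flag names and the /var/empty default path are assumptions made for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <dirent.h>
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { JAIL_MISSING = 1, JAIL_NOT_EMPTY = 2, JAIL_BAD_OWNER = 4, JAIL_WRITABLE = 8 };

/* Return a bitmask of reasons why dir is unsuitable as the empty chroot (0 = fine). */
int jail_problems(const char *dir)
{
    struct stat st;
    struct dirent *e;
    DIR *d;
    int flags = 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode) || (d = opendir(dir)) == NULL)
        return JAIL_MISSING;
    while ((e = readdir(d)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            flags |= JAIL_NOT_EMPTY;           /* anything inside is reachable after chroot */
    closedir(d);
    if (st.st_uid != 0) flags |= JAIL_BAD_OWNER;                  /* only root may own it */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) flags |= JAIL_WRITABLE; /* nobody else may fill it */
    return flags;
}

/* Drop from root to `user` inside `dir`; returns 0 on success, -1 on any failure. */
int drop_privileges(const char *user, const char *dir)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0 || geteuid() != 0 || jail_problems(dir) != 0)
        return -1;
    gid_t gid = pw->pw_gid;
    if (chroot(dir) != 0 || chdir("/") != 0)   /* confine the filesystem view first */
        return -1;
    /* Order matters: groups and gid can only be changed while still root. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    return (setuid(0) == 0) ? -1 : 0;          /* root must not be regainable */
}

int main(int argc, char **argv)
{
    return jail_problems(argc > 1 ? argv[1] : "/var/empty") ? 1 : 0;  /* assumed path */
}
```

A platform that cannot make `drop_privileges()` succeed for a dedicated account is one where the default would need to differ, which is the kind of check the reply asks for.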


