
Re: ssh difference v3.3 vs. 3.4 ???



Bill =>

Thank you for your participation . . .

Bill Moseley wrote:
> 
> At 03:32 PM 06/26/02 -0500, Michael D. Schleif wrote:
> >This is what really, really confuses me !!!
> >
> >What is ``privilege separation'' ???
> >
> >Where is it documented?  (Not in the manpages, locally nor
> ><http://www.openbsd.org/cgi-bin/man.cgi?query=ssh> nor
> ><http://www.openbsd.org/cgi-bin/man.cgi?query=sshd>) . . .
> 
> man sshd_config and look for UsePrivilegeSeparation

UsePrivilegeSeparation
             Specifies whether sshd separates privileges by creating an
             unprivileged child process to deal with incoming network
             traffic.  After successful authentication, another process
             will be created that has the privilege of the authenticated
             user.  The goal of privilege separation is to prevent
             privilege escalation by containing any corruption within the
             unprivileged processes.  The default is ``yes''.

BSD                           September 25, 1999                           BSD


So, if I understand this, UsePrivilegeSeparation has been there for
quite some time; and, the default being ``yes'', it's been ON for several
years -- especially in light of my systems having _no_ entry, therefore
defaulting to ``yes''.

Is this correct?

If so, then what is new about this?  Has UsePrivilegeSeparation been
*fixed* in v3.3/3.4 ???

If this is the default, and has been for several years, then what is new
with this hullabaloo?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .
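
An added example, not part of the original message and not OpenSSH code: a small shell function that reports which UsePrivilegeSeparation value an sshd_config-style file yields, including the "no entry at all" case raised in the message. The names effective_privsep and sample_config are hypothetical, the sample input is constructed, and the fallback "yes" is taken from the man page excerpt quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message or from OpenSSH).
# Prints the UsePrivilegeSeparation value an sshd_config-style file yields.
# Assumptions: keywords are case-insensitive, the first value obtained for a
# keyword wins, and a missing entry means the default "yes" quoted in the
# man page excerpt in the message.
effective_privsep() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # ignore leading whitespace
            if (line == "" || line ~ /^#/) next    # skip blanks and comments
            if (!match(line, /^[^ \t=]+/)) next    # keyword = first token
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)        # separator: spaces or one "="
            sub(/[ \t\r]+$/, "", val)              # trailing whitespace / CR
            gsub(/"/, "", val)                     # arguments may be quoted
            if (key == "useprivilegeseparation") {
                print val; found = 1; exit         # first occurrence wins
            }
        }
        END { if (!found) print "yes" }            # no entry: documented default
    ' "$@"
}

# Constructed sample input: a commented-out entry, then two live ones.
sample_config() {
    printf '%s\n' \
        '# UsePrivilegeSeparation yes' \
        'Port 22' \
        '  useprivilegeseparation = no' \
        'UsePrivilegeSeparation yes'
}

sample_config | effective_privsep        # the live "no" wins over the later "yes"
printf 'Port 22\n' | effective_privsep   # no entry at all, so the default applies
```

Pass the path of an sshd_config file as an argument instead of piping input to check a real configuration.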

