Re: ssh difference v3.3 vs. 3.4 ???
Bill =>
Thank you for your participation . . .
Bill Moseley wrote:
>
> At 03:32 PM 06/26/02 -0500, Michael D. Schleif wrote:
> >This is what really, really confuses me !!!
> >
> >What is ``privilege separation'' ???
> >
> >Where is it documented? (Not in the manpages, locally nor
> ><http://www.openbsd.org/cgi-bin/man.cgi?query=ssh> nor
> ><http://www.openbsd.org/cgi-bin/man.cgi?query=sshd>) . . .
>
> man sshd_config and look for UsePrivilegeSeparation
UsePrivilegeSeparation
        Specifies whether sshd separates privileges by creating an
        unprivileged child process to deal with incoming network
        traffic.  After successful authentication, another process will
        be created that has the privilege of the authenticated user.
        The goal of privilege separation is to prevent privilege
        escalation by containing any corruption within the unprivileged
        processes.  The default is ``yes''.

BSD                      September 25, 1999                      BSD
So, if I understand this, UsePrivilegeSeparation has been there for
quite some time; and, the default being ``yes'', it's been ON for several
years -- especially in light of my systems having _no_ entry, therefore
defaulting to ``yes''.
Is this correct?
If so, then what is new about this? Has UsePrivilegeSeparation been
*fixed* in v3.3/3.4 ???
If this is the default, and has been for several years, then what is new
with this hullabaloo?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
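
An added example, not part of the original message: a small check that reports which UsePrivilegeSeparation value a given sshd_config text yields and whether it comes from an explicit line or from the default. The function name and sample configurations are constructed for illustration; the default of "yes" is taken from the man page text quoted in the message, and the check relies on sshd treating keywords case-insensitively and using the first value it obtains for a keyword.

```python
import re

DOCUMENTED_DEFAULT = "yes"  # default as stated in the quoted man page text

# keyword, then whitespace or a single '=', then the first argument
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(\S+)")


def effective_privsep(config_text, default=DOCUMENTED_DEFAULT):
    """Return (value, line_number) for UsePrivilegeSeparation.

    line_number is None when no active line sets the keyword, meaning
    the default applies (hypothetical helper, not part of OpenSSH).
    """
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments set nothing
        m = LINE_RE.match(line)
        if m and m.group(1).lower() == "useprivilegeseparation":
            # keywords are case-insensitive; the first value obtained wins
            return m.group(2).strip('"'), lineno
    return default, None


# Constructed sample configurations (not taken from any real host)
NO_ENTRY = "Port 22\nProtocol 2\nPermitRootLogin no\n"
COMMENTED = "Port 22\n#UsePrivilegeSeparation no\n"
EXPLICIT = "Port 22\nuseprivilegeseparation = no\nUsePrivilegeSeparation yes\n"

if __name__ == "__main__":
    samples = [("no entry", NO_ENTRY), ("commented out", COMMENTED),
               ("explicit, set twice", EXPLICIT)]
    for name, text in samples:
        value, lineno = effective_privsep(text)
        origin = f"line {lineno}" if lineno else "default"
        print(f"{name}: UsePrivilegeSeparation={value} ({origin})")
```

A result with no line number means the setting depends entirely on the default compiled into the installed sshd, so it should be read against that version's own sshd_config man page.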