> Now that 3.4p1 has been released, can we now safetly leave out the > --with-privsep* options?
You could leave it out, but quite honestly: You don't want to. Privilege separation is the *most* useful and best features in OpenSSH ever. To quote Theo de Raadt: Basically, OpenSSH sshd(8) is something like 27000 lines of code. A lot of that runs as root. But when UsePrivilegeSeparation is enabled, the daemon splits into two parts. A part containing about 2500 lines of code remains as root, and the rest of the code is shoved into a chroot-jail without any privs. This makes the daemon less vulnerable to attack. So you see that the privilege separation is something which you really should use now that it also works on RaQs with 2.2.X kernels. -- Mit freundlichen Gr��en / With best regards Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
