Thank you for the helpful, and insightful, reply. I'll have to recompile the new version this evening; I should have waited the extra day, as I just updated OpenSSL and installed OpenSSH last night. *laughs*
Cheers!

----- Original Message -----
From: Michael Stauber <[EMAIL PROTECTED]>
Date: Wednesday, June 26, 2002 2:48 pm
Subject: Re: [cobalt-security] Significant OpenSSH Vulnerability ??

> > Now that 3.4p1 has been released, can we now safely leave out the
> > --with-privsep* options?
>
> You could leave it out, but quite honestly: You don't want to.
> Privilege separation is the *most* useful and best feature in OpenSSH ever.
>
> To quote Theo de Raadt:
>
> Basically, OpenSSH sshd(8) is something like 27000 lines of code. A
> lot of that runs as root. But when UsePrivilegeSeparation is enabled,
> the daemon splits into two parts. A part containing about 2500 lines
> of code remains as root, and the rest of the code is shoved into a
> chroot-jail without any privs. This makes the daemon less vulnerable
> to attack.
>
> So you see that the privilege separation is something which you
> really should use now that it also works on RaQs with 2.2.X kernels.
>
> --
>
> Mit freundlichen Grüßen / With best regards
>
> Michael Stauber
> [EMAIL PROTECTED]
> Unix/Linux Support Engineer
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
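The split described in the quoted message (a small part that stays root, the rest jailed without privileges), sketched as an added C example; it is not OpenSSH code and not from this thread. The request string, the allow rule, `UNPRIV_ID` and the `/var/empty` jail path are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1                    /* chroot(), setgroups() on glibc */
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define UNPRIV_ID 65534                      /* assumed uid/gid of an unprivileged account */

/* Privileged monitor: the one narrow question it answers. The request comes
   from the jailed side, so it is treated as untrusted input. */
static int monitor_allows(const char *req) {
    return strcmp(req, "AUTH alice") == 0;   /* constructed policy */
}

/* Child: enter the jail and give up root before touching network input. */
static int drop_privs(const char *jail) {
    gid_t gid = UNPRIV_ID;
    if (geteuid() != 0) return 0;            /* started without root: nothing to drop */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0) return -1;
    if (setuid(UNPRIV_ID) != 0) return -1;
    return setuid(0) == -1 ? 0 : -1;         /* regaining root must fail */
}

/* Returns 1 if the monitor approved the request, 0 if refused, -1 on error. */
int privsep_roundtrip(const char *jail, const char *request) {
    int sv[2], status;
    char buf[64], verdict = 'N';
    pid_t pid; ssize_t n;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {                          /* unprivileged side */
        close(sv[0]);
        if (drop_privs(jail) != 0) _exit(2);
        if (write(sv[1], request, strlen(request) + 1) < 0) _exit(3);
        if (read(sv[1], &verdict, 1) != 1) _exit(3);
        _exit(verdict == 'Y' ? 0 : 1);
    }
    close(sv[1]);                            /* monitor side keeps its privileges */
    n = read(sv[0], buf, sizeof buf - 1);
    if (n > 0) {
        buf[n] = '\0';
        verdict = monitor_allows(buf) ? 'Y' : 'N';
        if (write(sv[0], &verdict, 1) != 1) verdict = 'N';
    }
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) > 1) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) { return privsep_roundtrip("/var/empty", "AUTH alice") == 1 ? 0 : 1; }
```

Run as root, the child is confined to the jail directory before it sends anything; run as an ordinary user, the privilege drop is skipped and only the monitor/child message exchange is exercised.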
