On Tuesday 13 August 2002 00.50 Vincent Danen wrote:
> On Sun Aug 11, 2002 at 02:26:39PM -0400, Oden Eriksson wrote:
>
> [...]
>
> > > > Or perhaps just ignore the privsep bsd shit and continue as before?,
> > > > the huge security hole is gone anyway...
> > >
> > > That's the problem.. you can't.  Disabling privsep doesn't remove it
> > > from the code.  The introduction of privsep changed some of the
> > > fundamental code in openssh; as it's been pointed out before, password
> > > aging just doesn't work period in openssh right now, regardless of
> > > whether privsep is enabled or not.  So, to continue on as before,
> > > would be to downgrade openssh to a pre-privsep version.
> >
> > Yes I just checked the code and it's pretty hard to remove it, and Theo
> > would probably not approve ;)
>
> No, Theo wouldn't approve and would end up bitching me out (again).
> =)

I've heard about it, amazing bitch.

> > I also checked in their bugzilla, and there's not much regarding this
> > privsep bug at all in there from what I could tell.
>
> There should be a whole slew, but probably listed under various
> problems with pam.  This is definitely a known issue.  Once I have a
> little extra time, I will start fiddling with the cvs version of
> openssh and see if they are actually fixing this stuff.

Ahh, of course. My fault for not searching the right keyword (and had the 
patience to wait for bugzilla in and output).

I will try to check this in CVS too, I'll keep you posted.

Cheers.
-- 
Regards // Oden Eriksson
Deserve-IT Networks -> http://d-srv.com
