On Thu, Apr 17, 2003 at 06:24:24PM +0200, Robert Millan wrote:
> Package: openssh
> Version: unavailable; reported 2003-04-17
> Severity: normal
>
> As noted in the debconf template:
>
> NB! If you are running a 2.0 series Linux kernel, then privilege
> separation will not work at all, and your sshd will fail to start
> unless you explicitly turn privilege separation off.
>
> I suggest that defaults are reverted for both when sshd_config needs
> to be generated in postinst and when sshd_config is taken from the
> packaged file, so that any kernel other than Linux later than 2.0
> gets a default config without privilege separation.
Now that we've gone to all the effort of introducing it, I do think that
the default should be to enable privilege separation; the cases where
it's a problem are exceptions (PAM is still a problem, but I think that's
going to be improved upstream soon). We could turn it off for some
specific known cases, though. If you could provide a reasonably reliable
way to identify them then that would be helpful. However, if at all
possible I'd prefer to fix privsep.

> On the non-linux ports: note that privilege separation is not supported
> on GNU, and will probably never be, since it has a different concept of
> user privileges.

I don't understand why. Privilege separation just requires a separate
user and group which is used for processing network data, the ability
for sshd running as root to setuid(), setgid(), and setgroups() to that
user and group, and an empty chroot. I didn't think GNU was so different
that this would be unavailable; in fact, I would expect all of these
features to be available on any Debian system.

The reason why privilege separation doesn't work on Linux 2.0 was
originally due to the lack of anonymous memory mapping, and now that that
has been worked around it's due to a simple bug (#150976).

Could you please explain the problem on GNU in more detail?

> I'm not sure about the *BSD ports.

Since privilege separation was developed on BSD, it seems highly likely
that the BSD ports will support it.

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]
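As an added example that is not part of this thread or of the Debian openssh package, the following script checks the privsep prerequisites Colin lists (a separate user, an empty root-owned chroot) together with the 2.0-series kernel caveat from the debconf template. It assumes the privsep user is named sshd, the chroot is /var/run/sshd, and the sshd_config directive is the OpenSSH 3.x UsePrivilegeSeparation.

```shell
#!/bin/sh
# Added example (not code from the thread or the Debian package): checks the
# privsep prerequisites Colin lists (a separate user, an empty root-owned chroot)
# plus the Linux 2.0 caveat from the debconf template. Assumed names: user "sshd",
# chroot /var/run/sshd and the OpenSSH 3.x directive UsePrivilegeSeparation.

# Privilege separation is unusable on a 2.0-series kernel; anything else passes.
privsep_kernel_ok() {
    case "$1" in
        2.0.*) return 1 ;;
        *)     return 0 ;;
    esac
}

# The unprivileged user sshd drops to must exist (its group comes with it).
privsep_user_ok() {
    id "$1" >/dev/null 2>&1
}

# The chroot must exist, be owned by the expected uid (0 by default), not be
# group/world writable, and be empty, so a compromised child reaches nothing.
privsep_chroot_ok() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    set -- $(ls -ldn "$dir")             # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || return 1
    case "$1" in d????w*|d???????w*) return 1 ;; esac
    [ -z "$(ls -A "$dir")" ]
}

# sshd keywords are case-insensitive and the first occurrence wins; an absent
# directive means the upstream default (yes). Returns 1 only for an explicit "no".
privsep_config_enabled() {
    awk '/^[[:space:]]*#/ { next }
         !seen && tolower($1) == "useprivilegeseparation" { v = tolower($2); seen = 1 }
         END { exit (v == "no") ? 1 : 0 }' "$1"
}
# Run every check, print a line per result, return non-zero if any failed.
show() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; rc=1; fi; }
privsep_report() {
    rc=0
    show privsep_kernel_ok "$1"
    show privsep_user_ok "$2"
    show privsep_chroot_ok "$3" "$4"
    show privsep_config_enabled "$5"
    return $rc
}
if [ "${1:-}" = "--run" ]; then
    privsep_report "$(uname -r)" sshd /var/run/sshd 0 /etc/ssh/sshd_config
fi
```

Run it as `sh privsep-check.sh --run` on the host; a FAIL on the kernel line is the case the template warns about, and the other lines point at the setup step that is missing.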

