Nathan Angelacos wrote: > > On 1 Jul 2002 at 22:38, Greg Morgan wrote: > <snip> > Long answer: According to > > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102495293705094&w2 > > Privilege separation takes ~24500 lines of code and puts it in a chroot > jail, leaving only ~2500 lines of code running as root. I believe the > thinking here is that privilege separation doesn't fix this problem > specifically; it makes it less likely for there to be privilege escalation > in the future. Privilege separation was evidently available in earlier > versions of openSSH, the difference is that it is now the default.
Thanks. Your paragraph provides some additional information I had not received. It appears to be a simple choice based on the above information. chroot is better. Greg Morgan ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek No, I will not fix your computer. http://thinkgeek.com/sf _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
