RE: OpenSSH Vulns (new?) Priv separation

From: Peter Mueller (pmuellerat_private)
Date: Wed Jun 26 2002 - 12:56:32 PDT

    > "However, with privileges separation turned on, you are 
    > immune from at least one remote hole."
    > at least one? Jesus how many are there? any information 
    > would be appreciated....
    > -wire
    "
    Basically, OpenSSH sshd(8) is something like 27000 lines of code.  A
    lot of that runs as root.  But when UsePrivilegeSeparation is enabled,
    the daemon splits into two parts.  A part containing about 2500 lines
    of code remains as root, and the rest of the code is shoved into a
    chroot-jail without any privs.  This makes the daemon less vulnerable
    to attack.
    "
    
    Reducing root-run code from 27000 to 2500 lines is the important part.  Who
    cares how many holes there are when it is in /var/empty/sshd chroot with no
    possibility of root :)
    
    Peter
    
    PS - agreed that his choice of wording is "interesting"...
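
A defender's check for the setup described in this thread, as an added example that is not part of the original message or of OpenSSH: it reads the effective UsePrivilegeSeparation value from sshd_config text and inspects the chroot directory. The sample config, the function names, and the three directory checks (root-owned, not group/other-writable, empty) are assumptions of this example.

```python
import os
import stat
import tempfile

# Constructed sample, not a real host's sshd_config.
SAMPLE_CONFIG = """\
Port 22
useprivilegeseparation = no
UsePrivilegeSeparation yes
"""

def privsep_setting(config_text):
    """Effective UsePrivilegeSeparation value, or None if never set."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; 'Key value' and 'Key=value' both occur.
        parts = line.replace("=", " ", 1).split()
        if len(parts) > 1 and parts[0].lower() == "useprivilegeseparation":
            return parts[1].lower()  # sshd keeps the first value it obtains
    return None

def audit_jail(path):
    """Findings for the unprivileged child's chroot directory."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    findings = []
    if st.st_uid != 0:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or other")
    if os.listdir(path):
        findings.append(f"{path}: not empty")
    return findings

def audit(config_text, jail):
    value = privsep_setting(config_text)
    findings = []
    if value is None:
        findings.append("UsePrivilegeSeparation not set explicitly; build default applies")
    elif value == "no":
        findings.append("UsePrivilegeSeparation is 'no': no root/unprivileged split")
    return findings + audit_jail(jail)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as jail:  # stand-in for /var/empty/sshd
        os.chmod(jail, 0o777)
        print("\n".join(audit(SAMPLE_CONFIG, jail)))
```

On a real host, pass the contents of sshd_config and the path /var/empty/sshd mentioned above to `audit()`.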
    


