Re: OpenSSH Vulns (new?) Priv seperation

From: Michael Greenberg (greenbergat_private)
Date: Thu Jun 27 2002 - 12:08:57 PDT

  • Next message: Zacharias Pigadas: "RE: Java and buffer overflows"

    > "However, with privileges separation turned on, you are 
    > immune from at least one remote hole."
    > at least one? Jesus how many are there? any information 
    > would be appreciated....
    > -wire
    
    I think he means to imply that with UsePrivilegeSeparation, you'll be 
    immune to unknown bugs in the nearly twenty-five thousand lines of non-
    root code.
    
    I would liken this to Apache, running as 'nobody' or a separate user, 
    as compared with IIS, running as 'System'.  It's a Good Thing.
    
    Michael.
    



    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 10:33:48 PDT