Re: OpenSSH Vulns (new?) Priv seperation

From: Michael Greenberg (greenbergat_private)
Date: Thu Jun 27 2002 - 12:08:57 PDT

Next message: Zacharias Pigadas: "RE: Java and buffer overflows"

Previous message: Philip Rowlands: "Re: Possible flaw in XFree?"
In reply to: wirepair: "OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> "However, with privileges separation turned on, you are 
> immune from at least one remote hole."
> at least one? Jesus how many are there? any information 
> would be appreciated....
> -wire

I think he means to imply that with UsePrivilegeSeparation, you'll be 
immune to unknown bugs in the nearly twenty-five thousand lines of non-
root code.

I would liken this to Apache, running as 'nobody' or a separate user, 
as compared with IIS, running as 'System'.  It's a Good Thing.

Michael.

Next message: Zacharias Pigadas: "RE: Java and buffer overflows"
Previous message: Philip Rowlands: "Re: Possible flaw in XFree?"
In reply to: wirepair: "OpenSSH Vulns (new?) Priv seperation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 10:33:48 PDT