Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jun 2002 06:53:12 -0400
From:      Niels Provos <provos@citi.umich.edu>
To:        Brian Behlendorf <brian@hyperreal.org>
Cc:        security@freebsd.org
Subject:   Re: UseLogin and openssh-portable priv separation
Message-ID:  <20020625105312.GH15772@citi.citi.umich.edu>
In-Reply-To: <20020624164234.E10398-100000@yez.hyperreal.org>
References:  <20020624164234.E10398-100000@yez.hyperreal.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 24, 2002 at 04:49:23PM -0700, Brian Behlendorf wrote:
> I prefer to use UseLogin in sshd_config so I can pick some login.conf
> settings.  It appears I needed to turn that off in order to get the
> privilege separation in openssh 3.3 to work, where there's a much smaller
> segment of code that runs root rather than the whole sshd child.  Anyone
> know whether it's possible to reconcile the two?  Or a reliable way to set
> the MAIL variable for all users, independent of the shells they're
> using, which is all I care about at this point.
If you do UseLogin, that means that you will loose privilege
separation after authentication.  The Pre-authentication phase is
still privilege separated even with UseLogin enabled.

When I developed privilege separation for OpenSSH, one intent was
to make it work as well as possible even if not all necessary
features are available by an operating system.  So,

  if you do not have anonymous mmaps, you can turn off compression.

  if you do not have file descriptor passing, you loose privilege
  separation after successful authentication.

Because of the way that login works, you only get pre-authentication
privilege separated.  The web page talks some more about that.

Niels.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020625105312.GH15772>