Date: Mon, 24 Jun 2002 19:46:33 -0600
From: Theo de Raadt <deraadt@cvs.openbsd.org>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: nectar@FreeBSD.ORG (Jacques A. Vidrine), freebsd-security@FreeBSD.ORG
Subject: Re: Hogwash
Message-ID: <200206250146.g5P1kXLI030924@cvs.openbsd.org>
In-Reply-To: Your message of "Tue, 25 Jun 2002 11:40:15 +1000." <200206250140.LAA26616@caligula.anu.edu.au>

> What I like least about this new bug is that the workaround is to use
> a new feature called "Privilege Separation". Maybe it wouldn't have
> mattered what the "next new bug" was, this would just have been one
> defence. The timing is quite ironic.

Yes, and you know all about ironic timing

> The paranoia in me is screaming to resist and I can't help but ponder,
> does enabling privilege separation disable the exploit or does it just
> limit it to the userid sshd runs as in this mode ?

Darren, resist enabling privsep. I cannot find strong enough words
in urging you.

> Can an attacker still get a remote shell (just not root) if privilege
> separation is enabled ?

Duh.