Date: Tue, 25 Jun 2002 06:53:12 -0400 From: Niels Provos <provos@citi.umich.edu> To: Brian Behlendorf <brian@hyperreal.org> Cc: security@freebsd.org Subject: Re: UseLogin and openssh-portable priv separation Message-ID: <20020625105312.GH15772@citi.citi.umich.edu> In-Reply-To: <20020624164234.E10398-100000@yez.hyperreal.org> References: <20020624164234.E10398-100000@yez.hyperreal.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 24, 2002 at 04:49:23PM -0700, Brian Behlendorf wrote: > I prefer to use UseLogin in sshd_config so I can pick some login.conf > settings. It appears I needed to turn that off in order to get the > privilege separation in openssh 3.3 to work, where there's a much smaller > segment of code that runs root rather than the whole sshd child. Anyone > know whether it's possible to reconcile the two? Or a reliable way to set > the MAIL variable for all users, independent of the shells they're > using, which is all I care about at this point. If you do UseLogin, that means that you will loose privilege separation after authentication. The Pre-authentication phase is still privilege separated even with UseLogin enabled. When I developed privilege separation for OpenSSH, one intent was to make it work as well as possible even if not all necessary features are available by an operating system. So, if you do not have anonymous mmaps, you can turn off compression. if you do not have file descriptor passing, you loose privilege separation after successful authentication. Because of the way that login works, you only get pre-authentication privilege separated. The web page talks some more about that. Niels. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020625105312.GH15772>