Bug in all versions of OpenSSH

Dan Kaminsky dan at doxpara.com
Mon Apr 8 21:23:31 EST 2002


> On Sat, Apr 06, 2002 at 05:16:47PM -0800, Dan Kaminsky wrote:
> > I haven't really decided how I feel about this, but I'm somewhat leaning
> > towards feeling that "last" should show the last n logins.
>
> last is complex and different on every other architecture,
> so you should rely on syslogd for such things.

A reasonable enough statement...but I don't know about syslogd directly.
Last is nice because it's a tool that directly outputs usable information,
which raw system logs aren't.  Maybe we can unify last in some manner.  Hmm.

> > I do remember that CVS over SSH can be made much faster with something that
> > caches SSH sessions and runs multiple commands over them (fsh, if I remember
> > right).  Could PrivSep be tweaked to allow this form of functionality?
>
> i don't think this is related to privsep.  sshd supports up
> to 10 concurrent sessions, just hack the code into ssh.

Is the ten session limit related to the protocol or the implementation?

I bring up PrivSep because, from what I can see, it involves creating an
interface by which lesser-trusted executables can access the cryptographic
constructs from the greater-trusted separated process.  As long as we're
having one ssh executable access one privsep'd process, we might as well
allow n.

For that matter, is there anything that will prevent arbitrary processes
from contacting the privsep'd process and accessing it as they see fit?

--Dan





More information about the openssh-unix-dev mailing list