Openssl and openssh

ew-ssh at ew-ssh at
Thu Aug 1 23:43:03 EST 2002

Does privsep throw root out the window?

On Thu, 1 Aug 2002, Florian Weimer wrote:

> ew-ssh at writes:
> > Ahh, ok; thank you.  So basically only those servers who have public key 
> > entries in my authorized_hosts[2] would be able to exploit the ssl 
> > vulnerability?  I suppose those who have an entry in my authorized_keys 
> > already get access to the box, so why exploit it.
> Two things:
>   - gaining root privileges
>   - public key authentication might only grant non-interactive access
>     (using "command=")
> But I agree that such a vulnerability is not too dangerous, given the
> sorry state of local security on UNIX-like systems in general.

More information about the openssh-unix-dev mailing list