Problems with UsePrivilegeSeparation (was: port fwd as user != root?

Gert Doering gert at greenie.muc.de
Wed Jun 12 06:25:50 EST 2002


Hi,

On Wed, May 29, 2002 at 05:52:48PM +0800, Mathias Koerber wrote:
[..]
> > but with privsep, the privileged process does not
> > touch the network.  the call to bind() will happen
> > in the 'user' process.
> That should help me..

Just verified this (in-house application that uses identd to find out
which of the "normal unix users" is connecting to a web application -
as long as the unix machine isn't rooted, identd is good enough), and
it indeed solved *my* problem - the forwarded connections come from
the user that I'm logged in as, and the application is now working
nicely from remote (without doing uglies like "run netscape over
remote $DISPLAY").

Thanks, good work!

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de
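
The check that an identd-based application like the one described above depends on, as an added example that is not part of the original message or of OpenSSH: parse an RFC 1413 ident reply and accept it only if it names an expected user for the queried port pair. The function names, ports, user names and sample replies are assumptions constructed for illustration.

```python
import re

# RFC 1413 reply, one line:
#   <port-on-identd-host> , <port-on-querier> : USERID : <opsys> : <user-id>
#   <port-on-identd-host> , <port-on-querier> : ERROR : <error-type>
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

# Constructed sample replies (not captured traffic).
REPLY_USER = b"40001 , 80 : USERID : UNIX : alice\r\n"
REPLY_ROOT = b"40001 , 80 : USERID : UNIX : root\r\n"
REPLY_ERROR = b"40001 , 80 : ERROR : NO-USER\r\n"


def ident_query(their_port, our_port):
    """Query line sent to TCP port 113 on the connecting host."""
    return f"{their_port} , {our_port}\r\n".encode("ascii")


def parse_ident_reply(line, their_port, our_port):
    """Return the user-id from a USERID reply, or raise ValueError."""
    m = _REPLY.match(line.decode("ascii", errors="replace").rstrip("\r\n"))
    if not m:
        raise ValueError("malformed ident reply")
    # The reply must echo the port pair we asked about.
    if (int(m.group(1)), int(m.group(2))) != (their_port, our_port):
        raise ValueError("reply is for a different port pair")
    if m.group(3) == "ERROR":
        raise ValueError("identd error: " + m.group(4).strip())
    opsys, sep, user = m.group(4).partition(":")
    # Policy choice: opsys OTHER means the id is not a normal user name.
    if not sep or opsys.split(",")[0].strip().upper() == "OTHER":
        raise ValueError("no usable user-id in reply")
    # RFC 1413 counts everything after the colon as the user-id;
    # trimming blanks here is a deliberate leniency.
    user = user.strip()
    if not user:
        raise ValueError("empty user-id")
    return user


def connecting_user(line, their_port, our_port, allowed_users):
    """Map a reply to an application user; refuse anyone not allowed."""
    user = parse_ident_reply(line, their_port, our_port)
    if user not in allowed_users:
        raise PermissionError(f"ident user {user!r} is not an application user")
    return user
```

A connection opened by a root-owned process is reported as `root` and refused here, while one opened by the logged-in user's own process maps to that user.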



More information about the openssh-unix-dev mailing list