OpenSSH 3.3 released

Chris Adams cmadams at hiwaay.net
Sat Jun 22 14:17:50 EST 2002


Once upon a time, Markus Friedl <markus at openbsd.org> said:
> Security Changes:
> =================
> 
> - improved support for privilege separation:
> 
> 	privilege separation is now enabled by default

I'm (finally!) looking at privsep and Tru64 Unix (with HAVE_OSF_SIA
enabled), and I'm not sure I can see how it will work.  The problem is
in auth-sia.c session_setup_sia().

The sia_ses_estab() call has to run as root because in enhanced security
mode it checks the protected password database to make sure the account
is not expired, locked, etc., and updates the database with last
successful login.  However, it also sets things like resource
limits for the child process.

The sia_ses_launch() call has to run as root as well because it
generates audit records and has to run in the child because it sets the
effective user and group IDs.

Is this possible to do with privilege separation?
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


