OpenSSH 3.3 released
Niels Provos
provos at citi.umich.edu
Sat Jun 22 23:33:09 EST 2002
On Fri, Jun 21, 2002 at 11:17:50PM -0500, Chris Adams wrote:
> I'm (finally!) looking at privsep and Tru64 Unix (with HAVE_OSF_SIA
> enabled), and I'm not sure I can see how it will work. The problem is
> in auth-sia.c session_setup_sia().
You can delay that call until the very beginning of privilege
separation in the post-authentication phase.
> The sia_ses_estab() call has to run as root because in enhanced security
[...]
> The sia_ses_launch() call has to run as root as well because it
> generates audit records and has to run in the child because it sets the
> effective user and group IDs.
Same for these.
Niels.
More information about the openssh-unix-dev
mailing list