Upcoming OpenSSH vulnerability

Corinna Vinschen vinschen at redhat.com
Wed Jun 26 19:44:59 EST 2002


On Wed, Jun 26, 2002 at 04:18:48AM -0500, Phil Howard wrote:
> On Wed, Jun 26, 2002 at 09:50:27AM +0200, Corinna Vinschen wrote:
> | On Tue, Jun 25, 2002 at 09:24:12PM -0500, Phil Howard wrote:
> | > live security situation?  If they can't respond to that, then it
> | > is time to write them off as another MSFT-wannabe.
> | 
> | You're living in an ideal world, right?
> 
> It depends on whose definition you want to use.  Bill Gates' definition?

I'm working for Red Hat so it should be obvious that I don't follow
Bill Gates' definition.  Especially I don't think that this is a
valid comment.  We don't talk about good and bad or correct and
incorrect.

> How long has the opportunity to port privilege separation been there?

It's not privilege separation since that doesn't have to be ported.  It's
the OS-dependent concepts used by privilege separation.  Regardless
of what you or I think about the different concepts of Windows
and POSIX systems, it's (not only) Cygwin's problem to get the POSIX
concepts working on a platform which is pretty different.  E.g. the
concept of descriptor passing.  It's known on Windows systems and it's
probably no problem to get that working on systems which are lacking
any security concept (9x/Me).  It is a problem, though, to fit the
Windows concept of handle passing into the POSIX concept of descriptor
passing using sendmsg/recvmsg.  The problem is that the Windows concept
requires the involved processes to have knowledge of and permissions
on each other, which is something hidden in the kernel on POSIX systems.
Again, this isn't a question of good or bad, correct or incorrect, it's
just a question of being different.  In this case, the differences are
such that we still don't have an implementation of descriptor passing
using sendmsg/recvmsg in Cygwin.  That's unfortunate and we're working
on that (still discussing the best way to do it) but you won't change
that in a minute.

Another concept is chroot.  This isn't known at all on Windows
systems.  So our implementation is just a fake.  But due to that
restriction in the underlying OS *we depend on* we have no other
way to accomplish a chroot.

So what?  Do you just shrug and disallow Windows users the usage of
sshd since you don't like the concept of the OS?  I'd find this
attitude somewhat ignorant but I still hope that you actually don't
mean it that way.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
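
The POSIX side of the descriptor passing discussed in the message above, as an added example that is not part of the original post and is not OpenSSH or Cygwin code: one process hands an open descriptor to another over a UNIX-domain socket with sendmsg/recvmsg and SCM_RIGHTS, and the kernel installs it in the receiver without either process holding rights on the other. The names send_fd, recv_fd, fd_ctl and demo_roundtrip are illustrative assumptions.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example; names are illustrative. Control buffer holds exactly one fd. */
union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Send descriptor fd over UNIX-domain socket sock as SCM_RIGHTS ancillary data. */
int send_fd(int sock, int fd) {
    char byte = 0;                       /* one ordinary data byte goes along */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fd_ctl u = { .buf = { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the receiver's own new fd number, or -1. */
int recv_fd(int sock) {
    char byte;
    int fd;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fd_ctl u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);   /* NULL if no control data came */
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Child creates a pipe after fork(); parent reaches it only via the passed fd. */
int demo_roundtrip(void) {
    int sv[2], p[2];
    char buf[2] = { 0 };
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) _exit(pipe(p) || write(p[1], "ok", 2) != 2 || send_fd(sv[1], p[0]));
    close(sv[1]);                        /* so recvmsg sees EOF if the child fails */
    int fd = recv_fd(sv[0]);
    waitpid(pid, NULL, 0);
    return (fd >= 0 && read(fd, buf, 2) == 2 && memcmp(buf, "ok", 2) == 0) ? 0 : -1;
}
```

The receiver validates the control message type and length before trusting the descriptor, and a message that carries no SCM_RIGHTS data yields -1 rather than an uninitialised fd.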



More information about the openssh-unix-dev mailing list