uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)

Markus Friedl markus at openbsd.org
Thu Sep 5 02:53:53 EST 2002


On Wed, Sep 04, 2002 at 11:43:43AM -0400, Toni L. Harbaugh-Blackford wrote:
> What do we loose by not having post-auth privsep?

a lot.

> 
> What code is executed between authorization and actual setting of the
> effective uid?

all the protocol parsing is still run with uid==0, only the forked
login shell has the uid of the authenticated used.



More information about the openssh-unix-dev mailing list