Privilege separation

Dan Yefimov dan at
Wed Oct 29 07:00:07 EST 2003

On Tue, 28 Oct 2003, Markus Friedl wrote:

> On Tue, Oct 28, 2003 at 07:59:47PM +0300, Dan Yefimov wrote:
> > 				Hello!
> > 	Please consider including the attached patch in the next release. It 
> > allows one to drop privilege separation code while building openssh by using 
> > '--disable-privsep' switch of configure script. If one doesn't use privilege 
> > separation at all, why don't simply allow him to drop privilege separation 
> > support completely?
> no, this won't happen. you could do this for every runtime option.
Please forgive me my importunity, but your answer seems unclear to me. What 
exactly could I do for every runtime option? And what's the exact reason for 
rejecting the patch? It simply introduces yet one configuration option allowing 
one to not compile code he doesn't want to use anyway and hence reduce the 
resulting executable size.

    Sincerely Your, Dan.

More information about the openssh-unix-dev mailing list