Privilege separation

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Oct 29 07:22:44 EST 2003



On Tue, 28 Oct 2003, Dan Yefimov wrote:

> On Tue, 28 Oct 2003, Markus Friedl wrote:
>
> > On Tue, Oct 28, 2003 at 07:59:47PM +0300, Dan Yefimov wrote:
> > > 				Hello!
> > > 	Please consider including the attached patch in the next release. It
> > > allows one to drop privilege separation code while building openssh by using
> > > '--disable-privsep' switch of configure script. If one doesn't use privilege
> > > separation at all, why not simply allow him to drop privilege separation
> > > support completely?
> >
> > no, this won't happen. you could do this for every runtime option.
> >
> Please forgive me my importunity, but your answer seems unclear to me. What
> exactly could I do for every runtime option? And what's the exact reason for
> rejecting the patch? It simply introduces yet one configuration option allowing
> one to not compile code he doesn't want to use anyway and hence reduce the
> resulting executable size.

Introduces harder-to-read code when there were once clean and simple
pathways.
Introduces yet another set of #ifdef that need to be cared for.
Introduces yet another switch for someone to screw up and not realize
they have.
Introduces yet more complexity in a system that is already complex.
Introduces yet more pathways and configurations to test when testing the
software.

In general it introduces more headaches and does not "solve" any real
problems.

Just because one can make another switch does not mean it is a good thing.

- Ben




More information about the openssh-unix-dev mailing list