Privilege separation

Peter Stuge stuge-openssh-unix-dev at cdy.org
Wed Oct 29 17:58:14 EST 2003


SCNR commenting. I appreciate the decision not to allow disabling of
privsep.

On Wed, Oct 29, 2003 at 01:09:29AM +0300, Dan Yefimov wrote:
> It's vain that you have taken 'solve' in quotes and believe that the patch 
> doesn't solve any problems. Imagine a little router that is booted from 
> diskette or ZIP drive. Every excessive byte of storage taken by an
> executable is important. Using privilege separation in that system doesn't
> make much sense.

The router not getting rooted because of some bug in OpenSSH or elsewhere
is more important to me when I build routers.

Floppy disks are (finally!) a dying breed. ZIP disks have hundreds of
megabytes of storage space, as does CDs.

If security isn't useful, you could just use utelnetd.


//Peter




More information about the openssh-unix-dev mailing list