Privilege separation
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Wed Oct 29 17:58:14 EST 2003
SCNR commenting. I appreciate the decision not to allow disabling of
privsep.
On Wed, Oct 29, 2003 at 01:09:29AM +0300, Dan Yefimov wrote:
> It's vain that you have taken 'solve' in quotes and believe that the patch
> doesn't solve any problems. Imagine a little router that is booted from
> diskette or ZIP drive. Every excessive byte of storage taken by an
> executable is important. Using privilege separation in that system doesn't
> make much sense.
The router not getting rooted because of some bug in OpenSSH or elsewhere
is more important to me when I build routers.
Floppy disks are (finally!) a dying breed. ZIP disks have hundreds of
megabytes of storage space, as does CDs.
If security isn't useful, you could just use utelnetd.
//Peter
More information about the openssh-unix-dev
mailing list