Privilege separation

Logu logsnaath at
Wed Oct 29 20:30:36 EST 2003

> > In general it introduces more headaches and does not "solve" any real
> > problems.
> >
> It's vain that you have taken 'solve' in quotes and believe that the patch
> doesn't solve any problems. Imagine a little router that is booted from
> diskette or ZIP drive. Every excessive byte of storage taken by an
executable is
> important. Using privilege separation in that system doesn't make much
sense. So
> the ability to configure out 'dead' code and reduce executable size is
> in such case. Also many people may believe this feature to be useful.

If code size is your main issue rather than security, better option will be

I do not understand why there is a runtime option not to use privilege
separation. What if the previlege separation is made compulsary.


More information about the openssh-unix-dev mailing list