Privilege separation
Logu
logsnaath at gmx.net
Wed Oct 29 20:30:36 EST 2003
> > In general it introduces more headaches and does not "solve" any real
> > problems.
> >
> It's vain that you have taken 'solve' in quotes and believe that the patch
> doesn't solve any problems. Imagine a little router that is booted from
> diskette or ZIP drive. Every excessive byte of storage taken by an
executable is
> important. Using privilege separation in that system doesn't make much
sense. So
> the ability to configure out 'dead' code and reduce executable size is
important
> in such case. Also many people may believe this feature to be useful.
>
If code size is your main issue rather than security, better option will be
rsh.
I do not understand why there is a runtime option not to use privilege
separation. What if the previlege separation is made compulsary.
-Logu
More information about the openssh-unix-dev
mailing list