Privilege separation
Dan Astoorian
djast at cs.toronto.edu
Thu Oct 30 03:42:40 EST 2003
On Wed, 29 Oct 2003 09:28:45 EST, Dan Yefimov writes:
> And what about privilege separation? ;-) My patch proves that making it a
> compile time option is trivial too. And I completely agree with Darren's view
>
> point. Again, everyone must have an option.
A 500-line patch which requires future maintainers to add more #ifdefs
every time they test the "use_privsep" variable is hardly "trivial."
A simpler approach might have been to define use_privsep as a
preprocessor constant, (removing any code that sets its value), and
letting your compiler's optimizer remove the resulting dead code.
--
Dan Astoorian People shouldn't think that it's better to have
Sysadmin, CSLab loved and lost than never loved at all. It's
djast at cs.toronto.edu not, it's better to have loved and won. All
www.cs.toronto.edu/~djast/ the other options really suck. --Dan Redican
More information about the openssh-unix-dev
mailing list