Privilege separation

Dan Astoorian djast at
Thu Oct 30 03:42:40 EST 2003

On Wed, 29 Oct 2003 09:28:45 EST, Dan Yefimov writes:
> And what about privilege separation? ;-) My patch proves that making it a 
> compile time option is trivial too. And I completely agree with Darren's view
> point. Again, everyone must have an option.

A 500-line patch which requires future maintainers to add more #ifdefs
every time they test the "use_privsep" variable is hardly "trivial."

A simpler approach might have been to define use_privsep as a
preprocessor constant, (removing any code that sets its value), and
letting your compiler's optimizer remove the resulting dead code.

Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at        not, it's better to have loved and won.  All  the other options really suck.    --Dan Redican

More information about the openssh-unix-dev mailing list