Privilege separation
Markus Friedl
markus at openbsd.org
Thu Oct 30 04:27:50 EST 2003
On Wed, Oct 29, 2003 at 08:13:24PM +0300, Dan Yefimov wrote:
> On Wed, 29 Oct 2003, Markus Friedl wrote:
>
> > > > privilege separation as a compile time option requires far more
> > > > changes. i'd like to see no compile time options at all,
> > > > but that requires some rewrite.
> > > >
> > > OK, hence what exactly is wrong/missing in my patch (please don't only tell me
> > > you dislike the idea itself of it - I've already got that) ?
> >
> > it's too big
>
> The patch introducing privilege separation was much bigger. In general I see
> no constructive dialogue between me and you to be turned out - there will always
> be millions of thought-up justifications for not wishing to do something.

but the privilege separation did not include #ifdef
#ifdef is generally considered bad, because it introduces more codepaths.
there should be no optional code.

> > Privilege separation would be made optional last.
> >
> 2all: Is there at least one maintainer around in the list that would simply
> apply that simple patch without such unreasonable resistance? Up to the moment I

it's not a simple patch, it touches many files and introduces #ifdef.

More information about the openssh-unix-dev mailing list