Fwd: privsep in ssh

Russell Coker russell at coker.com.au
Mon Sep 22 15:25:50 EST 2003

It was suggested to me that I forward this message to you.

----------  Forwarded Message  ----------

Subject: privsep in ssh
Date: Fri, 19 Sep 2003 12:22
From: Russell Coker <russell at coker.com.au>
To: SE Linux <selinux at tycho.nsa.gov>
Cc: Colin Watson <cjwatson at debian.org>

        if (1) {
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
                /* File descriptor passing is broken or root login */
                use_privsep = 0;

When browsing the ssh source I noticed the above in sshd.c.  It appears from
 a casual inspection that we should change this and remove the check for
 pw_uid == 0.  Logging in as root in SE Linux does not mean that we have full
 administrative privs, so I think that we should have privsep enabled all the

I have compiled a sshd with privsep for root logins and it seems to work

I have attached the patch against ssh 3.6.1p2, I expect that the same thing
would be necessary in 3.7.1 and the same patch probably applies (but I
haven't checked).

I believe that this patch is worthy of inclusion in the standard distribution
of ssh.  The only drawback is that it uses a small amount of extra CPU power
for root logins, and on systems such as SE Linux it provides security

Anyone who wants to use the SE Linux PAM module for sshd probably wants this.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-diff
Size: 381 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030922/c1a58cda/attachment.bin 

More information about the openssh-unix-dev mailing list