Fwd: privsep in ssh
Russell Coker
russell at coker.com.au
Mon Sep 22 15:55:39 EST 2003
On Mon, 22 Sep 2003 15:44, Damien Miller wrote:
> > #ifdef DISABLE_FD_PASSING
> > if (1) {
> > #else
> > if (authctxt->pw->pw_uid == 0 || options.use_login) {
> > #endif
>
> I think we should change this test to something like:
>
> if (!ALWAYS_POSTAUTH_PRIVSEP &&
> (authctxt->pw->pw_uid == 0 || options.use_login ||
> NEVER_POSTAUTH_PRIVSEP)) {
>
> Then we can set NEVER_POSTAUTH_PRIVSEP and ALWAYS_POSTAUTH_PRIVSEP (to 1)
> in autoconf as appropriate.
>
> Comments?
Sounds reasonable to me.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the openssh-unix-dev
mailing list