[OpenAFS-devel] OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

John Davidorff Pell johnpell at mac.com
Tue Feb 3 13:11:37 EST 2004


On 2 Feb 2004, at 16:53, Dean Anderson wrote:
> This is why we need a forked version.  Sorry.

Its generally not a good idea to fork, unless absolutely necessary. If 
privsep does not reduce security (significantly, and I know that its 
debatable what "significantly" means), then ignore the people who think 
its great, and work on actually fixing the problems/exploits. If it is 
in itself a dramatic security risk, then demonstrate that and even 
those who like privsep will be able to understand (or be kicked off the 
project, I hope) and you've fixed the real project, not just a fork.

Also, if one does not know how to fix a given exploit, and privsep 
makes that exploit more difficult, then it gives us time to figure it 
out and repair it before a real root exploit is achieved, whereas 
without privsep our response must be much quicker, which it often is 
not.

Personally, I'm not a big fan of privsep, but "two glass doors" make 
more noise when broken, than just one, so I cna understand why many 
people like it.

JP


--
"The New York Times is read by the people who run the country. The 
Washington Post is read by the people who think they run the country. 
The National Enquirer is read by the people who think Elvis is alive 
and running the country ..."
-- Robert J Woodhead




More information about the openssh-unix-dev mailing list