Privilege Separation Design Question
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jul 1 00:04:17 EST 2011
On 06/30/2011 09:48 AM, Hans Harder wrote:
> Also if you do that in the middle of automatic script activity, I have
> no idea what will go wrong
I agree, this strikes me as a disaster waiting to happen.
Eric, have you considered doing re-authorization without
re-authentication? It seems to me that you could take that approach
much more cleanly (and simply terminate any ongoing connections that are
found to be no-longer-authorized).
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110630/f1deb363/attachment.bin>
More information about the openssh-unix-dev
mailing list