Privilege Separation Design Question

Andreas Gunnarsson andreas at
Fri Jul 1 07:10:53 EST 2011

On Thu, Jun 30, 2011 at 10:06:51AM -0700, Iain Morgan wrote:
> I wonder if the (not yet committed) roaming feature could be (ab)used
> to meet this need. If both the client and server had support for the
> feature, it might be feasible to break sshd's TCP connection and then
> wait for the client to reauthenticate.

Possibly, but just breaking the TCP connection won't be enough. The
point of roaming is to make it possible to re-establish the connection
automatically without user authentication.

If anyone wants to add an option to the roaming patch that requires
reauthentication on resume then it's probably not too difficult, but I
haven't given it much thought.

The old roaming patch most likely won't apply cleanly to the current
source, and I suspect that the sandbox feature requires some non-trivial
modifications to the roaming functionality. I'll try to find the time to
update the patch, but it won't happen for at least a couple of weeks.


More information about the openssh-unix-dev mailing list