preauth privsep logging via monitor

Corinna Vinschen vinschen at redhat.com
Mon Jun 20 18:08:01 EST 2011


On Jun 20 14:58, Damien Miller wrote:
> On Thu, 2 Jun 2011, Damien Miller wrote:
> 
> > Hi,
> > 
> > This diff (for portable) makes the chrooted preauth privsep process
> > log via the monitor using a shared socketpair. It removes the need
> > for /dev/log inside /var/empty and makes mandatory sandboxing of the
> > privsep child easier down the road (no more socket() syscall required).
> 
> FYI this has been committed and will be in the 20110621 snapshot. I
> never received any test reports for users of portable OpenSSH, so please
> give a snapshot a try and report back.

I was on vacation when you asked for testing the first time, so I tested
now.  I tried from CVS, and it still builds and works fine on Cygwin.

When you say "mandatory sandboxing of the privsep child", this hopefully
doesn't imply that running the privsep child becomes mandatory, too.

This would break running ssh on Cygwin which still lacks descriptor passing
via sendmsg/recvmsg.

Out of curiosity, do you see a way to implement the privsep child
without the need for descriptor passing?  Maybe by passing the data over
the socket instead of by passing the descriptor to the data?


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat


More information about the openssh-unix-dev mailing list