preauth privsep logging via monitor
Damien Miller
djm at mindrot.org
Thu Jun 23 21:34:19 EST 2011
On Tue, 21 Jun 2011, Damien Miller wrote:
> > This would break running ssh on Cygwin which still lacks descriptor passing
> > via sendmsg/recvmsg.
> >
> > Out of curiosity, do you see a way to implement the privsep child
> > without the need for descriptor passing? Maybe by passing the data over
> > the socket instead of by passing the descriptor to the data?
>
> That's possible but would add a bit of complexity to the monitor - right
> now it operates synchronously on two fds, but if it were to process
> network traffic too then it would need a non-blocking mainloop of its own.
Actually, fd passing is only used by the post-auth monitor. So it should
be possible to enable pre-auth privsep on Cygwin if it isn't already. The
sandbox may help too if Cygwin supports setrlimit(). If there are stronger
sandboxing primitives available then we could write a sandbox-cygwin.c to
take advantage of them.

Unfortunately, the fds that are passed between the post-auth monitor and
its user-privilege child are ptys and these are not as amenable to basic
shuffling data back and forth as network sockets.
-d