deprecation of UsePrivilegeSeparation breaks container use cases
Damien Miller
djm at mindrot.org
Mon Aug 7 10:13:07 AEST 2017
On Sun, 6 Aug 2017, Aleksandar Kostadinov wrote:
> Hello,
>
> there are emerging container services that restrict regular users to
> launching containers under some random uid for security reasons. If such
> a user needs sshd in their container, they need to turn off
> `UsePrivilegeSeparation` so that sshd is executed as the current uid
> and not `root`.
>
> I understand that privilege separation [1] is more than changing the
> process uid. On the other hand, it is unreasonable to expect
> administrators to let regular users execute privileged code of any
> sort. If they do so, this would compromise security of all other
> users.
It's not much of a container if it doesn't contain root-running code
IMO.

Anyway, running sshd as a non-root user works fine and will continue
to work fine. Making privsep mandatory for root-started sshd hasn't
changed this.

-d