deprecation of UsePrivilegeSeparation breaks container use cases

Damien Miller djm at mindrot.org
Mon Aug 7 10:13:07 AEST 2017



On Sun, 6 Aug 2017, Aleksandar Kostadinov wrote:

> Hello,
> 
> there are emerging container services that restrict regular users to
> launching containers under some random uid for security reasons. If such
> a user needs sshd in their container, they need to turn off
> `UsePrivilegeSeparation` so that sshd is executed as the current uid
> and not `root`.
> 
> I understand that privilege separation [1] is more than changing the
> process uid. On the other hand, it is unreasonable to expect
> administrators to let regular users execute privileged code of any
> sort. If they do so, this would compromise the security of all other
> users.

It's not much of a container if it doesn't contain root-running code
IMO.

Anyway, running sshd as a non-root user works fine and will continue
to work fine. Making privsep mandatory for root-started sshd hasn't
changed this.

-d


More information about the openssh-unix-dev mailing list