Fwd: privsep in ssh
russell at coker.com.au
Mon Sep 22 16:33:29 EST 2003
On Mon, 22 Sep 2003 15:55, Damien Miller wrote:
> > > Then we can set NEVER_POSTAUTH_PRIVSEP and ALWAYS_POSTAUTH_PRIVSEP (to
> > > 1) in autoconf as appropriate.
> > >
> > > Comments?
> > Sounds reasonable to me.
> How can we unambiguously identify SELinux at ./configure time? Does it
> return a different platform string?
Detecting SE Linux at ./configure time is wrong. Using a non-SE machine to
compile programs for a SE machine (or the other way around) is quite common.
We can detect SE Linux at run time, but there seems little point in that. The
issue of privsep for root doesn't seem to add enough cost to make it worth
such efforts to avoid it.
Having an option for ./configure that a distribution vendor can use to
determine this is reasonable. But I'm still in favour of just using a flag
in sshd_config to determine whether privsep should be used. I think that if
the sshd_config says to use privsep then it should be used regardless of what
user you are logging in as or the OS that's running on the machine.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the openssh-unix-dev