monitor-slave model
Ángel González
keisial at gmail.com
Thu Jan 28 09:27:08 AEDT 2016
On 27/01/16 15:39, mu dongliang wrote:
> Hello everyone,
> I am a newbie about openssh. I have seen privilege separation mechanism in openssh.
> I did some small experiment in my Debian Jessie. I observed that this privilege separation use monitor-slave model (1:1). I am curious why openssh implements this with monitors-slaves(1:n)!
> I doubt whether the former is suitable. And I think the latter is more like real world.
> What's your opinion about this thought?
>
> - mudongliang
Hello Mudongliang
Have you already read http://www.citi.umich.edu/u/provos/ssh/privsep.html ?
I'm not able to answer you though, as I have trouble understanding you.
You seem to contradict yourself mentioning 1:1 and 1:n, so in the end
it's not clear what you are asking. :(
Maybe try to clarify it and make a more concrete question? Also, it
would be benefitial if you expanded a bit on why you consider the
current implementation would be unsuitable.
Regards
More information about the openssh-unix-dev
mailing list