Bill => Thank you, for your participation . . .
Bill Moseley wrote:
>
> At 03:32 PM 06/26/02 -0500, Michael D. Schleif wrote:
> >This is what really, really confuses me !!!
> >
> >What is ``privilege separation'' ???
> >
> >Where is it documented? (Not in the manpages, locally nor
> ><http://www.openbsd.org/cgi-bin/man.cgi?query=ssh> nor
> ><http://www.openbsd.org/cgi-bin/man.cgi?query=sshd>) . . .
>
> man sshd_config and look for UsePrivilegeSeparation

     UsePrivilegeSeparation
             Specifies whether sshd separates privileges by creating an
             unprivileged child process to deal with incoming network
             traffic.  After successful authentication, another process
             will be created that has the privilege of the authenticated
             user.  The goal of privilege separation is to prevent
             privilege escalation by containing any corruption within the
             unprivileged processes.  The default is ``yes''.

BSD                         September 25, 1999                         BSD

So, if I understand this, UsePrivilegeSeparation has been there for
quite some time; and, the default being ``yes'', it's been ON for several
years -- especially in light of my systems having _no_ entry, therefore
defaulting to ``yes''.

Is this correct?

If so, then what is new about this? Has UsePrivilegeSeparation been
*fixed* in v3.3/3.4 ???

If this is the default, and has been for several years, then what is new
with this hullabaloo?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
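
Added example, not part of the original message and not OpenSSH code: a shell function that reports which UsePrivilegeSeparation value a given sshd_config yields, falling back to the default of ``yes'' stated in the man page excerpt quoted above when the file has no entry. The function name and sample files are constructed for illustration; it assumes keywords are case-insensitive and the first occurrence wins, and it does not handle the keyword=value form.

```shell
#!/bin/sh
# effective_privsep FILE
# Print the UsePrivilegeSeparation value that FILE yields.
# Assumptions (labelled): keyword matching is case-insensitive, the first
# occurrence of a keyword wins, and a missing entry means the default
# "yes" given in the man page excerpt quoted in the message.
effective_privsep() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank and comment lines
        tolower($1) == "useprivilegeseparation" {
            print $2                         # first occurrence wins
            found = 1
            exit                             # END still runs; found is set
        }
        END { if (!found) print "yes" }      # no entry: documented default
    ' "$1"
}

# Constructed sample configs, for demonstration only.
demo_dir=$(mktemp -d)
printf 'Port 22\nPermitRootLogin no\n' > "$demo_dir/no_entry"
printf '#UsePrivilegeSeparation yes\nuseprivilegeseparation no\nUsePrivilegeSeparation yes\n' \
    > "$demo_dir/explicit_no"

for f in no_entry explicit_no; do
    printf '%s: UsePrivilegeSeparation %s\n' "$f" \
        "$(effective_privsep "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

A commented-out line does not count as an entry, so a file that only carries `#UsePrivilegeSeparation no` still reports the default.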