Re: UseLogin and openssh-portable priv separation
From: Brian Behlendorf (brian@hyperreal.org)
Date: 06/25/02
- Next message: Marco Wertejuk: "Re: openssh-portable and s/key passwords"
- Previous message: Chris BeHanna: "Re: How to check if "UsePrivilegeSeparation" works in OpenSSH?"
- In reply to: Niels Provos: "Re: UseLogin and openssh-portable priv separation"
- Next in thread: Andrew McNaughton: "Re: UseLogin and openssh-portable priv separation"
- Reply: Andrew McNaughton: "Re: UseLogin and openssh-portable priv separation"
Date: Tue, 25 Jun 2002 08:50:44 -0700 (PDT)
From: Brian Behlendorf <brian@hyperreal.org>
To: Niels Provos <provos@citi.umich.edu>
On Tue, 25 Jun 2002, Niels Provos wrote:
> If you do UseLogin, that means that you will lose privilege
> separation after authentication. The Pre-authentication phase is
> still privilege separated even with UseLogin enabled.
Right, I got that from the man page, but was still slightly unclear: does
using UseLogin remove the security that prevents the to-be-released
exploit from being exploitable? Sounds like it does not remove that
security, *unless* the attack came from someone who successfully
authenticated, who could then get root?
Brian