Re: Openssh security
From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 09/28/03
- Next message: Gerald B. Rosenberg: "Iptables port forward to host with IP from dhcpd"
- Previous message: /dev/null: "raw packets and iptables"
- In reply to:(deleted message) Linux: "Re: Openssh security"
- Next in thread: Linux: "Re: Openssh security"
- Reply:(deleted message) Linux: "Re: Openssh security"
- Reply: erik: "Re: Openssh security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Sep 2003 22:10:47 GMT
Linux wrote:
> begin on Sat, 27 Sep 2003 13:59:56 +0000, Nico Kadel-Garcia wrote:
>
>
>>Linux wrote:
>>
>>>begin on Wed, 24 Sep 2003 01:08:18 +0000, Nico Kadel-Garcia wrote:
>>>
>>>
>>>>"PrivSep" code, which was supposed to *enhance* security but has turned
>>>>out to be a huge bug source.
>>>
>>>
>>>The point of PrivSep is to isolate the potentially serious bugs into one
>>>smallish chunk of code. Imagine the nightmare if the rest of the code was
>>>also a source of potentially serious bugs.
>>
>>Imagine if we replaced "sendmail" with "cat".
>>
>>That would also be small and highly modular and therefore more secure,
>>but then we'd need to rebuild much of the complexity to get it to do
>>what we actually wanted to do, from scratch, and add a lot of new bugs
>>doing it.
>
>
> Why do that when one could just choose qmail, which does this correctly
> already.

Why use OpenSSH when we could use ssh.com's implementation, which
doesn't use PrivSep and thus doesn't have its fragilities?

Sorry, my point seems to be lost here. PrivSep, as theoretically
desirable as its approach is, has been a serious bug source. It has not
addressed a *single one* of the real security bugs for OpenSSH.

>>Now imagine we did it without broad testing across a variety of
>>platforms. While it worked just *fine* on OpenBSD, under which it was
>>developed, it's been extremely fragile under quite a few platforms:
>>chroot is a rather complex, low-level, system-dependent operation, and
>>therefore tough to port successfully to all the OpenSSH platforms. And
>>we're still paying for that with failed installations.
>
>
> I'm not sure what your point is?

PrivSep wasn't ready for general use. The default for it should have
been *off*, and it should have been enabled for individual OS's on a case by
case basis as it was tested and experimented with. Instead, its broad
deployment broke OpenSSH for a lot of new users in lots of Linux
variants (for its early use), Solaris, AIX, Tru64, and I don't know if
it works under Windows variants since I haven't run such a server
lately: I run my SSH servers in the UNIX/Linux world.