[Dailydave] PrivSep

Damien Miller djm at mindrot.org
Wed Jun 20 19:50:30 EDT 2007


On Wed, 20 Jun 2007, Sebastian Krahmer wrote:
> 
> Honestly, if someone owns your PrivSep'ed sshd remotely; with all the
> kernel exploits once in a while; will this really protect you?

No, and Niels' original privsep paper made this quite clear. It does
reduce the risk a little: an attacker who has gained control over the
unprivileged process sees a smaller system attack surface than one 
who can open random /dev nodes, exec() setuid binaries, etc.

> It rather adds a complexity which leads to comments such as
> 'Fix a bug in the sshd privilege separation monitor that weakened its 
> verification of successful authentication. ...' in the ChangeLog.

Actually, it was item #1 on openssh-4.5's release notes and clearly
marked as a security bug - not buried in a Changelog.

-d

