From: Damien Miller (djmmindrot.org)
Date: Wed Jun 20 2007 - 18:50:30 CDT

On Wed, 20 Jun 2007, Sebastian Krahmer wrote:

> Honestly, if someone owns your PrivSep'ed sshd remotely; with all the
> kernel exploits once in a while; will this really protect you?

No, and Niels' original privsep paper made this quite clear. It does
reduce the risk a little: an attacker who has gained control over the
unprivileged process sees a smaller system attack surface than one
who can open random /dev nodes, exec() setuid binaries, etc.

> It rather adds a complexity which leads to comments such as
> 'Fix a bug in the sshd privilege separation monitor that weakened its
> verification of successful authentication. ...' in the ChangeLog.

Actually, it was item #1 on openssh-4.5's release notes and clearly
marked as a security bug - not buried in a Changelog.

Dailydave mailing list