Mailinglist Archive: opensuse-security (334 mails)
| < Previous | Next > |
Privilege Separation disabled?
- From: Jonathan Lim <trayde@xxxxxxxxxxxxxx>
- Date: Wed, 17 Sep 2003 04:21:15 +0100
- Message-id: <200309170421.15797.trayde@xxxxxxxxxxxxxx>
On Tuesday 16 September 2003 9:47 pm, Roman Drahtmueller wrote:
> Please note that we have disabled the Privilege Separation feature in
> the ssh daemon (sshd) with this update. The PrivSep feature is designed
> to have parts of the ssh daemon's work running under lowered
> privileges, thereby limiting the effect of a possible vulnerability in the
> code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation
> keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is
> held responsible for malfunctions in PAM (Pluggable Authentification
> Modules). The update mechanism will not overwrite configuration files that
> have been altered after the package installation.
Why has this been disabled? As part of the CERT advisory it recommends that it
is on.
http://www.cert.org/advisories/CA-2003-24.html
Cheers,
Jon
--
SuSE Linux 8.2 (i586)
Linux 2.4.20-4GB-athlon
ruby 1.8.0 (2003-09-10) [i686-linux]
> Please note that we have disabled the Privilege Separation feature in
> the ssh daemon (sshd) with this update. The PrivSep feature is designed
> to have parts of the ssh daemon's work running under lowered
> privileges, thereby limiting the effect of a possible vulnerability in the
> code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation
> keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is
> held responsible for malfunctions in PAM (Pluggable Authentification
> Modules). The update mechanism will not overwrite configuration files that
> have been altered after the package installation.
Why has this been disabled? As part of the CERT advisory it recommends that it
is on.
http://www.cert.org/advisories/CA-2003-24.html
Cheers,
Jon
--
SuSE Linux 8.2 (i586)
Linux 2.4.20-4GB-athlon
ruby 1.8.0 (2003-09-10) [i686-linux]
| < Previous | Next > |