Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Privilege Separation disabled?
  • From: Jonathan Lim <trayde@xxxxxxxxxxxxxx>
  • Date: Wed, 17 Sep 2003 04:21:15 +0100
  • Message-id: <200309170421.15797.trayde@xxxxxxxxxxxxxx>
On Tuesday 16 September 2003 9:47 pm, Roman Drahtmueller wrote:
> Please note that we have disabled the Privilege Separation feature in
> the ssh daemon (sshd) with this update. The PrivSep feature is designed
> to have parts of the ssh daemon's work running under lowered
> privileges, thereby limiting the effect of a possible vulnerability in the
> code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation
> keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is
> held responsible for malfunctions in PAM (Pluggable Authentification
> Modules). The update mechanism will not overwrite configuration files that
> have been altered after the package installation.

Why has this been disabled? As part of the CERT advisory it recommends that it
is on.
http://www.cert.org/advisories/CA-2003-24.html

Cheers,
Jon
--
SuSE Linux 8.2 (i586)
Linux 2.4.20-4GB-athlon
ruby 1.8.0 (2003-09-10) [i686-linux]


< Previous Next >
Follow Ups
References