[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Privilege Separation disabled?

To: suse-security@xxxxxxxx
Subject: [suse-security] Privilege Separation disabled?
From: Jonathan Lim <trayde@xxxxxxxxxxxxxx>
Date: Wed, 17 Sep 2003 04:21:15 +0100
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Wed, 17 Sep 2003 06:23:29 +0200
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.0309162247040.13476@xxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <Pine.LNX.4.58.0309162247040.13476@xxxxxxxxxxxx>
User-agent: KMail/1.5.1

On Tuesday 16 September 2003 9:47 pm, Roman Drahtmueller wrote:
>     Please note that we have disabled the Privilege Separation feature in
>     the ssh daemon (sshd) with this update. The PrivSep feature is designed
>     to have parts of the ssh daemon's work running under lowered
> privileges, thereby limiting the effect of a possible vulnerability in the
> code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation
> keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is
> held responsible for malfunctions in PAM (Pluggable Authentification
> Modules). The update mechanism will not overwrite configuration files that
> have been altered after the package installation.

Why has this been disabled? As part of the CERT advisory it recommends that it 
is on.
http://www.cert.org/advisories/CA-2003-24.html

Cheers,
Jon
-- 
SuSE Linux 8.2 (i586)
Linux 2.4.20-4GB-athlon
ruby 1.8.0 (2003-09-10) [i686-linux]


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] Privilege Separation disabled?
  - From: Jonathan Lim

References:
- [suse-security] SuSE Security Announcement: openssh (SuSE-SA:2003:038)
  - From: Roman Drahtmueller

Prev by Date: Re: [suse-security] Problems with postfix and TLS
Next by Date: Re: [suse-security] Privilege Separation disabled?
Previous by thread: [suse-security] SuSE Security Announcement: openssh (SuSE-SA:2003:038)
Next by thread: Re: [suse-security] Privilege Separation disabled?
Index(es):
- Date
- Thread