On Wed, Jun 26, 2002 at 05:25:16PM -0500, Richard Cobbe wrote: > Lo, on Wednesday, June 26, Colin Watson did write: > > If you're running 3.3 with privilege separation enabled (as it is by > > default), most remote root exploits become remote exploits of the sshd > > user, which is considerably less serious. > > So, I'm running ssh 3.3 as packaged for woody. I don't have > UserPrivilegeSeparation turned off in any config files, but I still see > the following: > > [nanny-ogg:~]$ ps aux | grep [s]shd > root 268 0.0 0.2 2788 716 ? S 06:19 0:00 /usr/sbin/sshd > > sshd is still running as root. Is this what I should be seeing?
Yes, the parent process continues to run as root. If you ssh to a box running 3.3 and leave the connection at the password prompt, you'll see a process running as the sshd user until the authentication is completed. > > 3.4 added fixes for the real problems rather than just bandaging over > > them. > > Any word on when 3.4 will be available as a .deb? Not yet; there's some discussion of exactly what to do. (The discussions have been private, so unfortunately I can't give any details, not that I know all that much more anyway.) -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
