Am 09.05.2014 um 12:08 schrieb Dag-Erling Smørgrav <des@xxxxxx>: > Damien Miller <djm@xxxxxxxxxxx> writes: >> The memory dump seems in indicate a post-auth process (and possibly >> sftp-server/internal-sftp), so it's surprising it could see the >> password hash to begin with and it would be highly unlikely to see >> anything else that is sensitive. > > (caveat: my recollection of the privsep model is slightly hazy; is there > a whitepaper somewhere?) http://www.citi.umich.edu/u/provos/ssh/privsep.html -m _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev