Re: deprecation of UsePrivilegeSeparation breaks container use cases

On Mon, Aug 7, 2017 at 3:17 AM, Darren Tucker <dtucker@xxxxxxxxxx> wrote:
> On Mon, Aug 7, 2017 at 5:44 AM, Aleksandar Kostadinov
> ...
> As I said last time this came up:
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035906.html
> Disabling privsep will not be supported.  Running as an unprivileged user is
> supported in the two-process configuration.

Thanks a lot for pointing me in the right direction. I tested with
SSHd 7.5p1 and also with 7.4p1. It works running as an unprivileged user
(username `git`) using priv separation! Output reformatted for
readability:

-bash-4.3$ cd /proc
-bash-4.3$ cat 1/cmdline
/usr/sbin/sshd-D
-bash-4.3$ cat 57/cmdline
sshd: git [priv]
-bash-4.3$ cat 60/cmdline
sshd: git@pts/0
-bash-4.3$ cat 61/cmdline
-bash

<...>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
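
The /proc check from the message above can be scripted so it also reports each sshd process's effective UID. This is an added example, not part of the original message or of OpenSSH; the function names, the fake /proc tree and UID 1000 for the `git` user are assumptions made for illustration.

```shell
#!/bin/sh
# list_sshd [PROC_ROOT]: print "pid euid cmdline" for each sshd process.
list_sshd() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] && [ -r "$dir/status" ] || continue
        # Arguments in /proc/<pid>/cmdline are NUL-separated, which is why a
        # plain `cat` prints "/usr/sbin/sshd-D"; turn the NULs into spaces.
        cmd=$(tr '\000' ' ' < "$dir/cmdline" | sed 's/ *$//')
        case $cmd in
            sshd:*|sshd|sshd\ *|*/sshd|*/sshd\ *) ;;
            *) continue ;;
        esac
        # "Uid:" in status lists the real, effective, saved and fs UIDs.
        euid=$(awk '/^Uid:/ { print $3; exit }' "$dir/status")
        printf '%s %s %s\n' "${dir##*/}" "$euid" "$cmd"
    done
}

# root_sshd_count [PROC_ROOT]: how many sshd processes have effective UID 0.
root_sshd_count() {
    list_sshd "$1" | awk '$2 == 0 { n++ } END { print n + 0 }'
}

# fake_proc ROOT PID UID ARG...: write one constructed /proc entry.
fake_proc() {
    entry=$1/$2 uid=$3; shift 3
    mkdir -p "$entry"
    printf '%s\000' "$@" > "$entry/cmdline"
    printf 'Uid:\t%s\t%s\t%s\t%s\n' "$uid" "$uid" "$uid" "$uid" > "$entry/status"
}

# Constructed sample mirroring the four processes in the post; UID 1000 for
# the "git" user is an assumption.
make_sample_proc() {
    root=$(mktemp -d)
    fake_proc "$root" 1 1000 /usr/sbin/sshd -D
    fake_proc "$root" 57 1000 'sshd: git [priv]'
    fake_proc "$root" 60 1000 'sshd: git@pts/0'
    fake_proc "$root" 61 1000 -bash
    printf '%s\n' "$root"
}

sample=$(make_sample_proc)
list_sshd "$sample"
echo "sshd processes with effective UID 0: $(root_sshd_count "$sample")"
rm -rf "$sample"
```

Inside a real container, call `list_sshd` with no argument to read the live /proc.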