On Thu, Nov 21, 2002 at 11:03:56AM +0100, Klaas Hagemann wrote: > Hi Florian, > > the priviledge sepearation was the point, thanks a lot. > Í have never heard of these option. Maybe someone can explain me, what could > happen, when i turn it off? future vulnerabilities found in sshd will most likly result in root comprimise if you turn privsep off, and will most likly be unexploitable if you leave it on. note that nothing in the pam docs/specs requires that pam session modules run as root, thats an assumption made by module developers since most programs using pam have run session modules as root. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp00056.pgp
Description: PGP signature