Re: Upcoming OpenSSH vulnerability

[Lars Hansson <lars_(_at_)_unet_(_dot_)_net_(_dot_)_ph>]

On Wed, 26 Jun 2002 13:57:58 +0200
"Paul de Weerd" <paul_(_at_)_mail_(_dot_)_me_(_dot_)_maar_(_dot_)_nu> wrote:

> It appears that machines running 2.2 Linux kernels do not support the
> privilege separation option and can thus not be made 'safe'. I've
> patched several Linux boxes to OpenSSH 3.3; all 2.4 machines work, all
> 2.2 machines don't (immediate disconnect).

It works for me on a Slackware 8/kernel 2.2.19 box.
$ ps auxww | grep sshd
root       180  0.0  0.0  1208  348 ?        S    Jun18   0:00 supervise sshd
root       195  0.0  0.0  1224  400 ?        S    Jun18   0:00 multilog t /var/log/sshd
root     15712  0.0  0.2  2836 1272 ?        S    15:02   0:00 sshd -D -e
root     16501  0.0  0.3  3440 1808 ?        S    20:00   0:00 sshd -D -e
lars     16503  0.0  0.3  2912 1632 ?        S    20:00   0:00 sshd -D -e
lars     16525  0.0  0.0  1328  456 pts/0    R    20:01   0:00 grep sshd

I suppose the "sshd -D -e" entry for user lars means that privsep is working.
I think I read somewhere that [priv] doesnt show on Linux?

---
Lars Hansson