[tech] morwong (inc. ssh)
Duncan Sargeant
dunc-mail-1317F6D at rcpt.to
Fri Nov 1 14:29:15 WST 2002
Nick Bannon wrote on Fri November 01, at 14:15 +0800:
> On Fri, Nov 01, 2002 at 01:39:12PM +0800, James Andrewartha wrote:
> > No idea, but I turned ssh X forwarding on, and updated the init.d
> > script. prngd was running from ages ago, when I last tried to install a
> > recent openssh. Do we want to bother with privsep on morwong?
>
> If it works, we may as well. Instructions are in README.privsep .
ICBW, but about the only two things that privsep buys you is
protection from any undisclosed security flaws, and plain text
pass{words/phrases} appearing in an strace.
Given that we can turn it on quickly when warned of the former, I
think it would be a bad idea to enable it in our many-cooks
environment.
,dunc
More information about the tech
mailing list