Ronald Hummelink ronald at
Wed Jun 26 04:39:11 PDT 2002

On Wed, 2002-06-26 at 04:13, Jesse Tie-Ten-Quee wrote:

> Yo,
> Actually that's the default on 3.3p1.  And I just had a nightmare for the
> past 3 hours fighting with it because of that fact.
> Short version:  If you are running a linux kernel 2.2 box and want to
> use 3.3p1, disable UsePrivilegeSeparation in sshd_config to get the old
> tried and true method, or disable Compression to be able to use the
> UsePrivilegeSeparation properly.
> Anyways...

You "have" to opt for disabling compression then. Without using
priviledge seperation OpenSSH 3.3 is as vulnerable to the remote root
hole as it didn't fix it yet. OpenSSH 3.3 improved the privsep code so
it actually works acceptably on something else then open/netbsd.
using privsep works around the roothole. A real fix should be released
in the form of 3.4 along with the sploit next week, if i understand all
rumours well ;)

Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list