Comment by charcircuit

14 days ago

The kernel can start a process with any user it wants. The user doesn't have to switch during the process's life.

Yes, but that has to happen somewhere. OpenSSH already uses privilege separation to limit the scope of the code which requests that the kernel set the user for the process for the session. Can you say where precisely you think that should happen instead? If you’re saying it should delegate to login(1), it would be useful to discuss in detail what you see OpenSSH doing which is weaker, because otherwise that seems like it’s just recreating chances for this CVE without meaningfully improving a hardened implementation.