At first glance it doesn't appear to do most of openssh's isolation of crypto from network stuff. Pity.
I'm not familiar with all the details of OpenSSH. Which kind of isolation are you referring to? 1 hope things like this can be made in a way that doesn't require extraordinary isolation measures except in extraordinary situations (e.g. running untrusted scripts).
-
-
This kind of thing: https://github.com/openssh/openssh-portable/blob/master/README.privsep … It seems running anything on modern CPUs counts as "extraordinary situations"...
-
OK, I think we probably agree that it is useful to have *some* separation. I think it's worth rethinking the details though. Even a quick re-skim of the OpenSSH privsep paper makes me sad to see the added complexity as that complexity brings its own safety hazards.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.