Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Huh, I briefly looked at the documentation for UsePrivilegeSeparation option and it looks very similar to what you're describing. Interesting why it didn't prevent this attack.


Note that UsePrivilegeSeparation is no longer an option; it is mandatory since OpenSSH 7.5, released seven years ago.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: