BREAKING: privilege separation deprecated#171
Open
micheelengronne wants to merge 3 commits intomasterfrom
Open
BREAKING: privilege separation deprecated#171micheelengronne wants to merge 3 commits intomasterfrom
micheelengronne wants to merge 3 commits intomasterfrom
Conversation
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
micheelengronne
force-pushed
the
deprecate_privilege_separation
branch
from
fb6870c to
63bf34c
Compare
chris-rock
reviewed
May 22, 2020
| desc 'UsePrivilegeSeparation is an option, when enabled will allow the OpenSSH server to run a small (necessary) amount of code as root and the of the code in a chroot jail environment. This enables ssh to deal incoming network traffic in an unprivileged child process to avoid privilege escalation by an attacker.' | ||
| desc 'UsePrivilegeSeparation is deprecated.' | ||
| describe sshd_config(sshd_custom_path + '/sshd_config') do | ||
| its('UsePrivilegeSeparation') { should eq(sshd_valid_privseparation) } |
Member
There was a problem hiding this comment.
I think we also need to remove
ssh-baseline/controls/sshd_spec.rb
Lines 35 to 39 in 0932d5f
ssh-baseline/libraries/ssh_crypto.rb
Lines 172 to 210 in 3849c52
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
Member
Author
|
We must also warn that it will break compatibility with previous versions. |
Member
|
It is not a breaking change since the control stays available. I agree that the version bump for the profile should be major instead of minor |
micheelengronne
changed the title
Member
Author
|
I added BREAKING in the title to introduce a new MAJOR version. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.