Why does PFsense use such insecure daemon configuration?

techi · Jan 31, 2010, 2:35 PM

Hi

sorry if i am wrong here, using mainly linux but looking at the sshd configuration i see UsePrivilegeSeparation is not set. As far as i know this should be always enabled!?

And also for OpenVPN the feature to drop the user rights to nobody after starting is commented out at the config.

May i ask whats the cause for this kind of configuration?

cheers

Bern · Jan 31, 2010, 4:18 PM

How useful is UsePrivilegeSeparation when you're logging in as root?

jimp · Jan 31, 2010, 9:33 PM

Those options might be useful on a multi-user system, but on pfSense most everything runs as root anyhow, and you're logging in as either root or admin, which is just an alternate account for root. There are no other users.

As for OpenVPN, the user rights don't matter much, again, because everything else is running as root. If it's commented out, it's likely because something broke with that enabled, but feel free to try it again and see if it works.