OpenSSH PrivilegeSeparation
I'm ccing this to suse-security@suse.com because I'm getting a number of questions on this issue.

On Wed, Jun 26, 2002 at 12:02:12AM +0200, Martin Wilck wrote:
> After starting the new sshd with UsePrivilegeSeparation=yes, the new sshd processes seem to still run as root and /proc/XYZ/root is still "/". Is that normal?

Privilege separation is only active before you've logged in. You can easily verify whether it is enabled by doing this:

1. connect to your server, login as root.
2. on a second console, connect to your server, without publickey authentication. The password prompt should appear.
3. Go back to the first session, and check the sshd processes:

    zappa:~ # ps lax|grep sshd
    [...]
    002 0 22132 20042 10 0 [...] 0:00 /usr/sbin/sshd
    006 71 22133 22132 11 0 [...] 0:00 /usr/sbin/sshd

Note that the second one has uid 71. Now look at the process status:

    zappa:~ # cat /proc/22133/status
    Name: sshd
    State: S (sleeping)
    [...]
    Uid: 71 71 71 71
    Gid: 65 65 65 65
    FDSize: 32
    Groups: 65
    [...]
    zappa:~ # ll /proc/22133/root
    lrwxrwxrwx 1 root root [...] /proc/22133/root -> /var/empty

As you see, the process is chrooted to /var/empty and running with uid 71/gid 65. After you log in, this intermediate process will go away.

Also note that PrivilegeSeparation is in effect even when commented out in sshd_config; this option is on by default now.

Cheers,
Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
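
The manual check described in the mail above, as a script that reads the same /proc fields (an added example, not part of the original message). The function names find_privsep, privsep_active and make_sample_proc are hypothetical, and the sample tree is constructed from the pids and ids shown in the mail, with gid 0 assumed for the root-owned sshd.

```shell
#!/bin/sh
# Added example (not from the mail): spot sshd privsep children via /proc.

# Print "pid uid gid root" for each sshd process whose real uid is not 0.
find_privsep() {
    proc=${1:-/proc}
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        # In /proc/PID/status the real id is the first number after "Uid:"/"Gid:".
        name=$(awk '$1 == "Name:" { print $2 }' "$dir/status")
        [ "$name" = "sshd" ] || continue
        uid=$(awk '$1 == "Uid:" { print $2 }' "$dir/status")
        gid=$(awk '$1 == "Gid:" { print $2 }' "$dir/status")
        [ "$uid" != "0" ] || continue
        # /proc/PID/root is a symlink to the process's root directory;
        # reading it for another user's process needs root.
        root=$(readlink "$dir/root" 2>/dev/null) || root="?"
        echo "${dir##*/} $uid $gid $root"
    done
}

# Succeed only if some sshd has dropped root AND is chrooted to the expected
# directory (second argument, default /var/empty as in the mail).
privsep_active() {
    find_privsep "${1:-/proc}" |
        awk -v want="${2:-/var/empty}" '$4 == want { ok = 1 } END { exit !ok }'
}

# Constructed sample: a /proc-like tree with the two processes from the mail.
make_sample_proc() {
    mkdir -p "$1/22132" "$1/22133"
    printf 'Name:\tsshd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n' > "$1/22132/status"
    ln -s / "$1/22132/root"
    printf 'Name:\tsshd\nUid:\t71\t71\t71\t71\nGid:\t65\t65\t65\t65\n' > "$1/22133/status"
    ln -s /var/empty "$1/22133/root"
}

# Demo on the constructed tree; on a live server run: find_privsep /proc
tmp=$(mktemp -d) && make_sample_proc "$tmp" && find_privsep "$tmp"
rm -rf "$tmp"
```

On a live server, run it as root while a second connection is waiting at the password prompt, since the unprivileged process only exists before login.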