Date: Tue, 25 Jun 2002 20:00:57 +1200 (NZST)
From: Andrew McNaughton
To: patpro
Cc: Jan Lentfer
Subject: Re: How to check if "UsePrivilegeSeparation" works in OpenSSH?
Message-ID: <20020625195333.U69343-100000@a2>

On Tue, 25 Jun 2002, patpro wrote:

> On Tuesday, June 25, 2002, at 08:46, Jan Lentfer wrote:
>
> > Finally I added "UsePrivilegeSeparation yes" to /etc/ssh/sshd_config and
> > SIGHUPed sshd. sshd -V now reports version 3.3.
> >
> > Am I set and done? Is there a way to check if Privilege Separation
> > really works ?
>
>
> just log in (via ssh of course) and type :
>
> $ ps -aux | grep sshd | grep -v grep
>
> and make sure it gives something like this :
>
> root 178 0.0 1.3 2088 1180 ?? Is 4:40PM 0:00.20 /usr/local/sbin/
> sshd
> root 61294 0.0 1.8 4868 1656 ?? I 8:21AM 0:00.05 sshd: patpro
> [priv] (sshd)
> patpro 61296 0.0 1.9 5000 1744 ?? S 8:21AM 0:00.14 sshd: patpro@
> ttyp0 (sshd)
>
>
> first process : regular sshd daemon,
> second : spawned root limited process,
> third : active process with limited privileges. (spawned from the 2nd
> process if I understand correctly)

I don't see the [priv] bit on the second one. Can you confirm with lsof
that the chroot has taken effect?

Andrew McNaughton
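
The ps check discussed in this thread, written as a script. This is an added example, not code from any poster or from OpenSSH. It pairs each "sshd: user@tty" session process with a root-owned "sshd: user [priv]" monitor and flags sessions that have no monitor or are not owned by the logged-in user. The function name, the sample variables and the second sample are assumptions made for illustration, as is the expectation that a session without privilege separation shows up as a root-owned "sshd: user@tty" process.

```shell
#!/bin/sh
# Added example, not from the original thread. Input: `ps aux`-style rows on stdin.
# Assumption: the command starts at field 11
# (USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND).

check_privsep() {
    awk '
        $11 != "sshd:" { next }                  # master daemon and unrelated rows
        $1 == "root" && $13 == "[priv]" {        # privileged monitor: "sshd: user [priv]"
            mon[$12] = $2; next
        }
        $12 ~ /@/ {                              # session process: "sshd: user@tty"
            split($12, part, "@")
            sess[$2] = part[1]; own[$2] = $1
        }
        END {
            bad = 0
            for (pid in sess) {
                u = sess[pid]
                if (own[pid] == u && (u in mon))
                    print u " pid " pid ": separated, monitor pid " mon[u]
                else {
                    print u " pid " pid ": NOT separated, session runs as " own[pid]
                    bad = 1
                }
            }
            exit bad                             # non-zero if any session lacks separation
        }'
}

# Constructed sample: the three rows quoted in the thread, mail wrapping undone.
SAMPLE_PRIVSEP='root 178 0.0 1.3 2088 1180 ?? Is 4:40PM 0:00.20 /usr/local/sbin/sshd
root 61294 0.0 1.8 4868 1656 ?? I 8:21AM 0:00.05 sshd: patpro [priv] (sshd)
patpro 61296 0.0 1.9 5000 1744 ?? S 8:21AM 0:00.14 sshd: patpro@ttyp0 (sshd)'

# Constructed sample (assumed shape): no monitor row, session still owned by root.
SAMPLE_NO_PRIVSEP='root 178 0.0 1.3 2088 1180 ?? Is 4:40PM 0:00.20 /usr/local/sbin/sshd
root 61296 0.0 1.9 5000 1744 ?? S 8:21AM 0:00.14 sshd: patpro@ttyp0 (sshd)'

printf '%s\n' "$SAMPLE_PRIVSEP" | check_privsep
printf '%s\n' "$SAMPLE_NO_PRIVSEP" | check_privsep || echo "privilege separation not in effect"
```

On a live host, feed it the same listing the thread uses: `ps -aux | check_privsep`.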