From owner-freebsd-security  Tue Jul  2 15:29:58 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E3A1F37B412
	for <security@FreeBSD.org>; Tue,  2 Jul 2002 15:29:53 -0700 (PDT)
Received: from corbulon.video-collage.com (corbulon.video-collage.com [64.35.99.179])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A896E43E09
	for <security@FreeBSD.org>; Tue,  2 Jul 2002 15:29:52 -0700 (PDT)
	(envelope-from mi+mx@aldan.algebra.com)
Received: from misha (250-217.customer.cloud9.net [168.100.250.217])
	by corbulon.video-collage.com (8.12.2/8.12.2) with ESMTP id g62MTlrE048043
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL);
	Tue, 2 Jul 2002 18:29:48 -0400 (EDT)
	(envelope-from mi+mx@aldan.algebra.com)
X-Authentication-Warning: corbulon.video-collage.com: Host 250-217.customer.cloud9.net [168.100.250.217] claimed to be misha
Content-Type: text/plain;
  charset="iso-8859-1"
From: Mikhail Teterin <mi+mx@aldan.algebra.com>
Organization: Virtual Estates, Inc.
To: Dag-Erling Smorgrav <des@ofug.org>
Subject: Re: two sshd processes per session?
Date: Tue, 2 Jul 2002 18:29:44 -0400
X-Mailer: KMail [version 1.4]
Cc: security@FreeBSD.org
References: <200207021141.34021.mi+mx@aldan.algebra.com> <xzpznx9ajxp.fsf@flood.ping.uio.no>
In-Reply-To: <xzpznx9ajxp.fsf@flood.ping.uio.no>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200207021829.44485.mi+mx@aldan.algebra.com>
X-Scanned-By: MIMEDefang 2.15 (www dot roaringpenguin dot com slash mimedefang)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tuesday 02 July 2002 05:39 pm, Dag-Erling Smorgrav wrote:
= Mikhail Teterin <mi+mx@aldan.algebra.com> writes:
= > With the privilege separation enabled, there are two sshd processes per
= > each session. If, however, I kill the [priv] one after logging in, the
= > session continues to work properly... Perhaps, the [priv] part should
= > exit by itself? I must be missing something...
=
= If you kill the monitor, you won't be able to do stuff like connect to
= forwarded ports etc.,

I just verified, that forwarded ports continue to work -- both the -L and
the -R ones.

= and your session might not be properly shut down fter you disconnect.

What exactly will break? At least, the w(1)'s output is correct after
the disconnection -- shell is responsible for that. What else?

Thanks!

	-mi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message