From: Jan Lentfer
To: Thomas Seyrat
Cc: FreeBSD Security Maillinglist
Subject: Re: How to check if "UsePrivilegeSeparation" works in OpenSSH?
Date: 25 Jun 2002 11:57:23 +0200

On Tue, 2002-06-25 at 11:49, Thomas Seyrat wrote:
> patpro wrote:
> > >I don't see the [priv] bit on the second one.
> > >Can you confirm with lsof that the chroot has taken effect?
> > well in fact no, nothing about /var/empty in lsof
>
> While sshd is waiting for password, I have :
>
> sshd 32666 0,0 0,3 3496 1596 ?? I 11:42 0:00,09 sshd: seyrat [net] (sshd)
>
> and lsof -p 32666 | grep rtd gives :
>
> sshd 32666 sshd rtd VDIR 13,131078 512 4 /var/empty
>
> This untrusted sshd process is indeed correctly chrooted.

I checked that, too. If you are using the openssh-portable port as of
today, it is running in /usr/empty.

su-2.05# /usr/local/sbin/lsof -p 5244 | grep rtd
sshd 5244 sshd rtd VDIR 116,131077 512 4587008 /usr/empty

Regards,

Jan
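
The lsof check used in this thread, turned into a repeatable test. This is an added example, not part of the original message; the function name, verdict strings and the "unconfined" sample are assumptions, and it expects the nine-column lsof layout quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the nine-column lsof layout
# quoted in the message: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME.
#
# privsep_check reads `lsof -p PID` output on stdin, prints one verdict line
# and returns: 0 = chrooted and unprivileged, 1 = root dir is "/" or the
# process still runs as root, 2 = no rtd row seen (wrong PID, lsof failed).
privsep_check() {
    awk '
        $4 == "rtd" {
            found = 1
            user = $3
            name = $9                      # NAME column: the root directory
            for (i = 10; i <= NF; i++)     # rejoin a path containing spaces
                name = name " " $i
        }
        END {
            if (!found)         { print "no-rtd"; exit 2 }
            if (name == "/")    { print "not-chrooted:" name ":" user; exit 1 }
            if (user == "root") { print "root-in-chroot:" name ":" user; exit 1 }
            print "chrooted:" name ":" user
        }'
}

# Constructed sample: the rtd row from the message plus a header and cwd row.
sample_chrooted() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd    32666 sshd  cwd   VDIR 13,131078      512    4 /var/empty
sshd    32666 sshd  rtd   VDIR 13,131078      512    4 /var/empty
EOF
}

# Constructed sample: what a process that was never chrooted would show.
sample_unconfined() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd     4242 root  rtd   VDIR 13,131078      512    2 /
EOF
}

# Live use, while a login is waiting at the password prompt:
#   lsof -p "$PID" | privsep_check
```

The check has to run during the pre-authentication window, since the [net] child only exists until the login completes or fails.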