From owner-freebsd-stable Wed Aug 14 11: 4:28 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C58137B400 for ; Wed, 14 Aug 2002 11:04:26 -0700 (PDT) Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4154943E75 for ; Wed, 14 Aug 2002 11:04:25 -0700 (PDT) (envelope-from zingelman@fnal.gov) Received: from localhost (tez@localhost) by nova.fnal.gov (8.11.6+Sun/8.11.6) with ESMTP id g7EI4Gx24125; Wed, 14 Aug 2002 13:04:17 -0500 (CDT) X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs Date: Wed, 14 Aug 2002 13:04:16 -0500 (CDT) From: Tim Zingelman X-X-Sender: tez@nova.fnal.gov Reply-To: Tim Zingelman To: "Evgueni V. Gavrilov" Cc: freebsd-stable@FreeBSD.ORG Subject: Re: gotcha with OpenSSH 3.4 and PrivilegeSeparation In-Reply-To: <3D59F5A7.70607@rshb.com.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 14 Aug 2002, Evgueni V. Gavrilov wrote: > I noticed a gotcha in OpenSSH 3.4 with privilege separation turned on. > > Upon loosing of remote client unprivileged process of sshd doesn't die. > I tried to vary KeepAlive and/or ClientAlive* settings but nothing changed. > > The only way to manage the gotcha is to send -HUP to master of > unprivileged process. This is the way it is supposed to work. The privileged process needs to stay around until after the unprivileged process goes away. - Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message