Date:      Wed, 26 Jun 2002 15:06:45 +0100
From:      steve-lists@reentrant.co.uk
To:        "Philip J. Koenig" <pjklist@ekahuna.com>
Cc:        security@freebsd.org
Subject:   Re: Binary upgrade available
Message-ID:  <20020626150645.A8340@chrome.intranet>
In-Reply-To: <20020626121130543.AAA754@empty1.ekahuna.com@pc02.ekahuna.com>; from pjklist@ekahuna.com on Wed, Jun 26, 2002 at 05:11:32AM -0700
References:  <bulk.41778.20020626034755@hub.freebsd.org> <20020626121130543.AAA754@empty1.ekahuna.com@pc02.ekahuna.com>

* Philip J. Koenig <pjklist@ekahuna.com> [06m26d02y 13:32]:
> According to the steps outlined earlier to ascertain whether privsep 
> is working, in my case it seems not to be. (I am of the impression 
> that the path shown at the end should now show "/usr/empty"):
> 
> 
> #lsof -p <sshd pid> |grep rtd
> sshd	109	root	rtd	VDIR	13,196608	1024	2 /

This took me a while to figure out, but my understanding is this:

The parent sshd process still runs as root.
During login (i.e. when there is a password prompt being displayed),
sshd runs a less-privileged process, which is marked with [net] in the
output of ps. This handles the connection process and, at least for my
install of /usr/ports/security/openssh, runs as nobody in
/usr/local/empty. For example:

nobody  1068  6.1  3.7  3524 2092  ??  S     2:52PM   0:01.65 sshd: steve [net] (sshd)

The output of lsof -p 1068 | grep rtd is then:

sshd    1068 nobody  rtd   VDIR 116,131078      512  45177 /usr/local/empty

which I think is what you were expecting before.

After authentication, there are two processes per session: a privileged
process, marked with [priv] which is run as root; and another process
which runs as the user which is logging in. The latter looks like
"sshd: user@tty (sshd)".

The above is just my understanding of it, but I hope that helps,

Steve.
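
The check described in this message, written out as an added example (not part of the original e-mail or of OpenSSH): it classifies sshd processes by their ps title and confirms that the pre-authentication `[net]` child is neither root nor rooted at `/`. The role labels and function names are this example's own; the sample lines marked as constructed are not from the thread.

```shell
#!/bin/sh
# Added example: verify sshd privilege separation from ps/lsof output.
# The ps line for PID 1068 and both lsof lines come from the thread
# (whitespace normalized); the other three ps lines are constructed.
PS_SAMPLE='root 109 0.0 1.0 2500 1400 ?? Is 2:00PM 0:00.20 /usr/sbin/sshd
nobody 1068 6.1 3.7 3524 2092 ?? S 2:52PM 0:01.65 sshd: steve [net] (sshd)
root 1070 0.0 3.6 3520 2080 ?? S 2:53PM 0:00.10 sshd: steve [priv] (sshd)
steve 1072 0.0 3.7 3524 2090 ?? S 2:53PM 0:00.05 sshd: steve@ttyp0 (sshd)'
LSOF_SAMPLE='sshd 109 root rtd VDIR 13,196608 1024 2 /
sshd 1068 nobody rtd VDIR 116,131078 512 45177 /usr/local/empty'

# Reads `ps aux`-style lines on stdin; prints "PID USER ROLE" per sshd process.
sshd_roles() {
    awk '{
        cmd = ""
        for (i = 11; i <= NF; i++) cmd = cmd (i > 11 ? " " : "") $i
        if (cmd !~ /sshd/) next
        if (cmd ~ /^sshd: .*\[net\]/)       role = "preauth"   # unprivileged child
        else if (cmd ~ /^sshd: .*\[priv\]/) role = "monitor"   # root monitor
        else if (cmd ~ /^sshd: [^ ]+@/)     role = "session"   # runs as the user
        else                                role = "listener"  # parent daemon
        print $2, $1, role
    }'
}

# Reads lsof lines on stdin; prints the root directory (FD "rtd") of PID $1.
rtd_of() {
    awk -v pid="$1" '$2 == pid && $4 == "rtd" { print $NF }'
}

# preauth_ok USER RTD: true only if the child is non-root and chrooted.
preauth_ok() {
    [ "$1" != "root" ] && [ -n "$2" ] && [ "$2" != "/" ]
}

# privsep_report PS_TEXT LSOF_TEXT: one OK/FAIL line per pre-auth child.
privsep_report() {
    printf '%s\n' "$1" | sshd_roles | while read -r pid user role; do
        [ "$role" = "preauth" ] || continue
        rtd=$(printf '%s\n' "$2" | rtd_of "$pid")
        if preauth_ok "$user" "$rtd"; then echo "OK $pid $user $rtd"
        else echo "FAIL $pid $user ${rtd:-unknown}"; fi
    done
}

privsep_report "$PS_SAMPLE" "$LSOF_SAMPLE"
```

On a live host the `[net]` process exists only while a login is pending, so the ps and lsof snapshots have to be taken during the password prompt.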
