From owner-freebsd-security Wed Jun 26 6:58:27 2002
From: steve-lists@reentrant.co.uk
Date: Wed, 26 Jun 2002 15:06:45 +0100
To: "Philip J. Koenig"
Cc: security@freebsd.org
Subject: Re: Binary upgrade available
Message-ID: <20020626150645.A8340@chrome.intranet>
In-Reply-To: <20020626121130543.AAA754@empty1.ekahuna.com@pc02.ekahuna.com>; from pjklist@ekahuna.com on Wed, Jun 26, 2002 at 05:11:32AM -0700

* Philip J. Koenig [06m26d02y 13:32]:
> According to the steps outlined earlier to ascertain whether privsep
> is working, in my case it seems not to be. (I am of the impression
> that the path shown at the end should now show "/usr/empty"):
>
>
> #lsof -p |grep rtd
> sshd 109 root rtd VDIR 13,196608 1024 2 /

This took me a while to figure out, but my understanding is this:

The parent sshd process still runs as root. During login (i.e. when there is a password prompt being displayed), sshd runs a less-privileged process, which is marked with [net] in the output of ps. This handles the connection process and, at least for my install of /usr/ports/security/openssh, runs as nobody in /usr/local/empty. For example:

    nobody 1068 6.1 3.7 3524 2092 ?? S 2:52PM 0:01.65 sshd: steve [net] (sshd)

The output of lsof -p 1068 | grep rtd is then:

    sshd 1068 nobody rtd VDIR 116,131078 512 45177 /usr/local/empty

which I think is what you were expecting before.

After authentication, there are two processes per session: a privileged process, marked with [priv], which is run as root; and another process which runs as the user who is logging in. The latter looks like "sshd: user@tty (sshd)".

The above is just my understanding of it, but I hope that helps,

Steve.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
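As an added example (not part of the thread), a small POSIX sh script that applies the checks Steve describes: it classifies sshd processes as listener, [net], [priv] or session from ps output and confirms that the [net] child runs unprivileged with its root directory in the empty chroot. The ps and lsof lines are constructed samples modelled on the ones quoted above, and EMPTY_DIR is an assumed default taken from the mail, not a value read from the system.

```shell
#!/bin/sh
# Added example, not from the mail: classify each sshd process by role and
# check that the unprivileged [net] child is chrooted into the empty dir.
# The ps/lsof samples below are constructed to mirror the lines quoted in
# the thread; EMPTY_DIR is an assumption (the port default named in the mail).
EMPTY_DIR=${EMPTY_DIR:-/usr/local/empty}

# Constructed `ps aux` lines: root listener, [net] child, [priv]/session pair.
SAMPLE_PS='root     109  0.0  1.2  2940  620  ??  Is   2:40PM   0:00.12 /usr/local/sbin/sshd
nobody  1068  6.1  3.7  3524 2092  ??  S    2:52PM   0:01.65 sshd: steve [net] (sshd)
root    1072  0.0  3.9  3600 2100  ??  S    2:53PM   0:00.20 sshd: steve [priv] (sshd)
steve   1073  0.0  3.8  3580 2080  ??  S    2:53PM   0:00.05 sshd: steve@ttyp1 (sshd)'

# Constructed `lsof -p <pid> | grep rtd` lines for the same PIDs.
SAMPLE_LSOF='sshd  109 root   rtd VDIR 13,196608  1024     2 /
sshd 1068 nobody rtd VDIR 116,131078  512 45177 /usr/local/empty
sshd 1072 root   rtd VDIR 13,196608  1024     2 /
sshd 1073 steve  rtd VDIR 13,196608  1024     2 /'

# sshd_role PID -> listener | net | priv | session | unknown
sshd_role() {
    printf '%s\n' "$SAMPLE_PS" | awk -v pid="$1" '$2 == pid {
        if ($0 ~ /\[net\]/)       print "net";
        else if ($0 ~ /\[priv\]/) print "priv";
        else if ($0 ~ /sshd: /)   print "session";
        else if ($0 ~ /sshd$/)    print "listener";
        else                      print "unknown"; }'
}

# sshd_user PID / sshd_rtd PID -> owning user / root directory of that process
sshd_user() { printf '%s\n' "$SAMPLE_PS" | awk -v pid="$1" '$2 == pid { print $1 }'; }
sshd_rtd()  { printf '%s\n' "$SAMPLE_LSOF" | awk -v pid="$1" '$2 == pid && $4 == "rtd" { print $NF }'; }

# privsep_ok PID: true only for a [net] child that runs as a non-root user
# with its root directory set to the empty chroot, i.e. privsep is in effect.
privsep_ok() {
    [ "$(sshd_role "$1")" = net ]   || return 1
    [ "$(sshd_user "$1")" != root ] || return 1
    [ "$(sshd_rtd "$1")" = "$EMPTY_DIR" ]
}

# Print PID, role, user and root dir for every sshd: the parent shows "/"
# (as in Philip's output) and only the [net] child shows the chroot.
report() {
    printf '%s\n' "$SAMPLE_PS" | awk '{ print $2 }' | while read -r pid; do
        printf '%-5s %-9s %-7s %s\n' "$pid" "$(sshd_role "$pid")" "$(sshd_user "$pid")" "$(sshd_rtd "$pid")"
    done
}
```

Running `report` on a live host would mean replacing the two sample variables with the real `ps aux | grep sshd` and `lsof -p <pid>` output; the parsing and the privsep_ok check stay the same.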