Re: priviledge seperation not working like before

From: Ben Lindstrom (mouring@etoh.eviladmin.org)
Date: 02/13/03

    Date: Thu, 13 Feb 2003 14:31:09 -0600 (CST)
    From: Ben Lindstrom <mouring@etoh.eviladmin.org>
    To: "list1@0ff.org" <list1@0ff.org>
    
    

    On Thu, 13 Feb 2003, list1@0ff.org wrote:

    > Hello--
    >
    > I just realized that my previously installed sshd is NOT using privilege
    > separation..So..I went to reconfigure it, and make sure it was working
    > correctly.
    >
    > Configure:
    >
    > ./configure --with-tcp-wrappers --with-md5-passwords --with-pam
    > --with-privsep-path=/var/empty --with-privsep-user=sshd
    >
    > Yes, sshd exists, yes /var/empty exists, yes yes yes..
    >
    > my current sshd_conf reads:
    >
    > PAMAuthenticationViaKbdInt no <-- per the README.privsep
    > and
    > UsePrivilegeSeparation yes <-- obvious
    >
    > and here is the current ps aux | grep sshd:
    >
    > root 24673 0.0 0.1 2644 1156 ? S Feb12 0:00 /usr/sbin/sshd
    > root 254 0.0 0.2 3412 1644 ? S Feb12 0:00 /usr/sbin/sshd
    > where 5321 0.0 0.2 3468 1876 ? S Feb12 0:00 /usr/sbin/sshd
    >
    > (pids are randomized, btw)
    >

    I suspect that one is the parent sshd that listens for new requests, then
    you have the 'Prived' and 'Unprived' children (which I assume is pid 254
    and 5321). So for one connection you have 3 sshd running.. for two you
    have 5, etc..

    > I am at a loss, configure shows no errors, make works, etc.. One thing I
    > noticed that was most odd was that substituting a NON-existent user in
    > place of sshd in the above configuration did NOT produce an error
    >
    > ssh version is OpenSSH_3.5p1
    > linux box running 2.4.19-grsecurity kernel that _has_ had this working before
    >

    The issue is that setproctitle() is not implemented for Linux.

    Off of OpenBSD you get:

    10071 ?? Is 0:06.41 /usr/sbin/sshd
    30830 ?? Is 0:00.06 sshd: mouring [priv] (sshd)
    31043 ?? I 1:12.01 sshd: mouring@ttyp0 (sshd)

    The [priv] is running as root and the other is running as mouring. As a
    result the few things that require root privs are passed up to the [priv]
    process to be handled.

    - Ben
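
Added example, not part of the original message or of OpenSSH: since process titles are uninformative on Linux here, this sketch classifies sshd processes by owner and parentage instead. It assumes input in the format of `ps -eo user,pid,ppid,comm` and a privsep user named `sshd` (as in the configure line quoted above); the sample rows are constructed.

```python
PRIVSEP_USER = "sshd"  # assumption: the value given to --with-privsep-user

# Constructed sample: one listener, one authenticated session (user "where"),
# one connection still in pre-authentication, and an unrelated process.
SAMPLE_PS = """\
USER       PID  PPID COMMAND
root       900     1 sshd
root      1200   900 sshd
where     1201  1200 sshd
root      1300   900 sshd
sshd      1301  1300 sshd
root      1400     1 cron
"""

def parse_ps(text):
    """Return {pid: (user, ppid)} for every process whose command is sshd."""
    procs = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "sshd":
            continue
        procs[int(fields[1])] = (fields[0], int(fields[2]))
    return procs

def classify(procs):
    """Label each sshd process by role, using only owner and parentage."""
    roles = {}
    for pid, (user, ppid) in procs.items():
        if user == "root" and ppid not in procs:
            roles[pid] = "listener"            # root, parent is not sshd
        elif user == "root":
            roles[pid] = "monitor [priv]"      # root, forked from an sshd
        elif user == PRIVSEP_USER:
            roles[pid] = "pre-auth child"      # unprivileged, not yet logged in
        else:
            roles[pid] = "post-auth child (%s)" % user
    return roles

def privsep_active(procs):
    """True if some non-root sshd process has a root-owned sshd parent."""
    return any(user != "root" and procs.get(ppid, ("", 0))[0] == "root"
               for user, ppid in procs.values())

if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    for pid, role in sorted(classify(procs).items()):
        print(pid, role)
    print("privilege separation active:", privsep_active(procs))
```

A root login has no non-root sshd child, so run the check while an ordinary account is logged in.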


