Re: When does Privilege Separation work.

From: Evert (linux@dds.nl)
Date: 06/26/02


From: "Evert" <linux@dds.nl>
Date: Wed, 26 Jun 2002 16:03:34 +0200


> In article <Pine.GSO.4.44.0206260855260.27100-100000
> @bellatrix.students.cs.uu.nl>, ajoostin@students.cs.uu.nl says...
> > Hi,
> >
> > Yesterday I've updated my server to openssh 3.3 after configuring my server
> > using the instructions from README.privsep, but some questions remain:
> > 1. How do I know privilege separation is really working on my system, for
> > instance which lines in the debug output from sshd indicate
> > running privilege separation.
> > 2. Why do I need a sshd user and group? In the output of top or ps I see
> > no processes running with username sshd.
> >
> > I hope someone can answer these questions. I will supply some additional
> > information about my system, maybe that helps when answering my questions.
> >
> > Greeting Arjan
> >
> > My system:
> > Linux dist : Linux From Scratch
> > Linux kernel : 2.4.17
> > Glibc version : 2.2.3
> > Openssh version : 3.3p1
> >
> >
>
> Hi,
>
> I have similar concerns:
> After an upgrade of openssh to 3.3 on my FreeBSD 4.6 server I can see
> that PrivilegeSeparation is turned on:
>
> # ps -ax | grep sshd
> 83 ?? IWs 0:00.00 /usr/sbin/sshd
> 119 ?? IW 0:00.00 sshd: user [priv] (sshd)
> 121 ?? S 0:00.18 sshd: user@ttyp0 (sshd)
>
>
> On my Linux server (kernel 2.4.7) I don't see that [priv]
>
> # ps -ax | grep sshd
> 15090 ? S 0:00 /usr/sbin/sshd
> 15096 ? S 0:00 /usr/sbin/sshd
> 15098 ? S 0:00 /usr/sbin/sshd
> 15294 pts/6 S 0:00 grep sshd
>

same problem here:

when i do 'ps -aux | grep sshd' i get:

root 13944 0.0 0.7 2752 1264 ? S 10:26 0:00 /usr/sbin/sshd
root 13959 0.0 1.0 5988 1732 ? S 10:28 0:00 /usr/sbin/sshd
evert 13961 0.0 1.2 6116 2032 ? S 10:28 0:00 /usr/sbin/sshd
root 18369 0.0 0.3 1792 604 pts/1 S 10:47 0:00 grep sshd

so the child is still root??

'ps -lfxa' gives me:

140 0 13944 1 9 0 2752 1264 do_sel S ? 0:00 /usr/sbin/sshd
140 0 13959 13944 9 0 5988 1732 unix_s S ? 0:00 \_ /usr/sbin/sshd
140 501 13961 13959 9 0 6116 2032 do_sel S ? 0:00 \_ /usr/sbin/sshd
000 501 13962 13961 9 0 2788 1596 wait4 S pts/1 0:00 \_ -bash
0

so. the extra process is a child, but still running as root...
i did everything mentioned in readme.privsep though..

Evert
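
Added example (not part of the original post, and not OpenSSH code): one way to read listings like the ones in this thread from UID and parent/child relationships rather than from the "[priv]" process title. It assumes input in `ps -eo uid,pid,ppid,args` form and the process layout stated in the first comment; the function names and the sample listing are constructed for illustration.

```python
# Added example: classify sshd connections from `ps -eo uid,pid,ppid,args` text.
# Assumption: with privsep a root sshd (monitor) has a non-root sshd child;
# without it, the root per-connection sshd is the shell's direct parent.
SAMPLE_PS = """\
UID   PID  PPID COMMAND
  0 13944     1 /usr/sbin/sshd
  0 13959 13944 /usr/sbin/sshd
501 13961 13959 /usr/sbin/sshd
501 13962 13961 -bash
  0 14010 13944 /usr/sbin/sshd
501 14012 14010 -bash
  0 18369 13962 grep sshd
"""  # constructed; the first connection mirrors the PIDs/UIDs in the thread

def parse_ps(text):
    """Return {pid: (uid, ppid, args)}; header and malformed lines are skipped."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) == 4 and all(f.isdigit() for f in fields[:3]):
            uid, pid, ppid = map(int, fields[:3])
            procs[pid] = (uid, ppid, fields[3])
    return procs

def is_sshd(args):
    # Matches "/usr/sbin/sshd" and retitled forms such as "sshd: user [priv]".
    return args.split()[0].rsplit("/", 1)[-1].rstrip(":") == "sshd"

def classify_connections(procs):
    """Map each per-connection root sshd PID to a privilege-separation verdict."""
    sshd = {pid for pid, (_, _, args) in procs.items() if is_sshd(args)}
    listeners = {pid for pid in sshd if procs[pid][1] not in sshd}
    verdicts = {}
    for pid in sshd:
        uid, ppid, _ = procs[pid]
        if uid != 0 or ppid not in listeners:
            continue  # only root sshd processes forked by a listener
        kids = [k for k, (_, kppid, _) in procs.items() if kppid == pid]
        if any(k in sshd and procs[k][0] != 0 for k in kids):
            verdicts[pid] = "privsep"        # root monitor + unprivileged sshd
        elif any(k not in sshd for k in kids):
            verdicts[pid] = "no-privsep"     # root sshd directly parents the shell
        else:
            verdicts[pid] = "undetermined"   # no children visible yet
    return verdicts

if __name__ == "__main__":
    print(classify_connections(parse_ps(SAMPLE_PS)))
```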