Re: How to verify Privilege Separation is working?
From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 09/26/04
Date: Sun, 26 Sep 2004 00:52:12 +0000 (UTC)
In article <705712dd.0409230535.4c98a4a7@posting.google.com>,
Philip Le Riche <p.j.le.r@virgin.net> wrote:
>Is there a simple way to positively demonstrate that privilege
>separation is working? Running ps -fe shows all sshd processes running
>as root. If /var/empty doesn't exist, sshd still seems to work, but
>presumably without privilege separation. There may be other
>configuration errors which could have the same effect.
Yes, "ps" will show 2 sshd's per user, one with a uid of root and
the other of the logged-in user. If the platform has setproctitle or
equivalent (I can't remember if AIX does) then the processes will have
annotations like:
    root     17663   707  1 10:50 ?        00:00:00 sshd: dtucker [priv]
    dtucker  17665 17663  1 10:50 ?        00:00:00 sshd: dtucker@pts/0
>(The reason I ask is that a vulnerability assessment has shown that I
>need to upgrade to OpenSSH 3.7.1 to avoid known vulnerabilities.
>However, rebuilding from source has run into problems with
>incompatible libraries since we're on an old version of AIX.
How old an AIX and what error? I built 3.8p1 on AIX 4.2.1 and I suspect
the newer OpenSSHs should be easy to get working if they don't already.
(My disk with 4.2.1 on it is dying with a bad bearing, but if it will
help I can see if it still spins :-)
>No doubt
>these are fixable, given time my management may not allow me, but if I
>could positively demonstrate that privilege separation is working, I
>could argue that the risk is low and limited to DoS. Agreed?)
What version do you have? If I were paranoid I would upgrade anyway.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
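
The check described in the reply, scripted as an added example (not part of the original message or of OpenSSH). It assumes the platform sets process titles and that ps accepts the POSIX -o columns shown in the comment; the function name, the four-column input format and the sample lines other than the dtucker pair are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads process lines of the form
#   USER PID PPID ARGS...
# on stdin, e.g. from: ps -e -o user= -o pid= -o ppid= -o args=
# For every root-owned "sshd: NAME [priv]" monitor it looks for a child sshd
# running under a non-root uid, which is the pair described in the reply.
check_privsep() {
    awk '
    $4 == "sshd:" { owner[$3] = $1 }    # owner of each sshd, keyed by parent pid
    $4 == "sshd:" && $6 == "[priv]" && $1 == "root" { mon[$2] = $5 }
    END {
        bad = 0; n = 0
        for (pid in mon) {
            n++
            if (mon[pid] == "root") {
                # a uid comparison says nothing when the login itself is root
                printf "SKIP    %s pid=%s (root login)\n", mon[pid], pid
            } else if ((pid in owner) && owner[pid] != "root") {
                printf "OK      %s pid=%s child runs as %s\n", mon[pid], pid, owner[pid]
            } else {
                printf "NOSPLIT %s pid=%s no unprivileged child\n", mon[pid], pid
                bad = 1
            }
        }
        if (n == 0) { print "NONE    no [priv] monitor processes seen"; bad = 1 }
        exit bad    # non-zero unless every monitor has an unprivileged child
    }'
}

# Constructed sample: the dtucker lines are the pair from the reply reduced to
# four columns; the listener line and the alice lines are made up.
SAMPLE='root 707 1 /usr/sbin/sshd
root 17663 707 sshd: dtucker [priv]
dtucker 17665 17663 sshd: dtucker@pts/0
root 17700 707 sshd: alice [priv]
root 17702 17700 sshd: alice@pts/1'

printf '%s\n' "$SAMPLE" | check_privsep ||
    echo "privilege separation not confirmed for every session"
```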