author | des <des@FreeBSD.org> | 2004-02-26 10:38:49 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2004-02-26 10:38:49 +0000 |
commit | 7d1750f1d6c24163bf22790f8527f1783315c5e7 (patch) | |
tree | 44704f8b727acba451fd902fe3c26053cb6ce73e /crypto/openssh/README.privsep | |
parent | 5c8d98dfbd6964b6be84da30b9d16df0cab3c42d (diff) | |
Vendor import of OpenSSH 3.8p1.
Diffstat (limited to 'crypto/openssh/README.privsep')
-rw-r--r-- | crypto/openssh/README.privsep | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep index 64adad8..9d48bbc 100644 --- a/crypto/openssh/README.privsep +++ b/crypto/openssh/README.privsep @@ -1,15 +1,15 @@ Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege -escalation by containing corruption to an unprivileged process. +escalation by containing corruption to an unprivileged process. More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html Privilege separation is now enabled by default; see the UsePrivilegeSeparation option in sshd_config(5). -On systems which lack mmap or anonymous (MAP_ANON) memory mapping, -compression must be disabled in order for privilege separation to +On systems which lack mmap or anonymous (MAP_ANON) memory mapping, +compression must be disabled in order for privilege separation to function. When privsep is enabled, during the pre-authentication phase sshd will @@ -38,9 +38,9 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing. Compression will be disabled on systems without a working mmap MAP_ANON. -PAM-enabled OpenSSH is known to function with privsep on Linux. +PAM-enabled OpenSSH is known to function with privsep on Linux. It does not function on HP-UX with a trusted system -configuration. +configuration. On Compaq Tru64 Unix, only the pre-authentication part of privsep is supported. Post-authentication privsep is disabled automatically (so @@ -61,4 +61,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.12 2003/08/26 00:48:15 djm Exp $ +$Id: README.privsep,v 1.13 2003/11/21 12:48:55 djm Exp $ |
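Review bot: The opening context line of the first hunk (@@ -1,15 +1,15 @@) reads "is method in OpenSSH", which is missing an article; since this paragraph is being touched anyway, it should read "is a method in OpenSSH". The removed and added lines in this hunk ("escalation by containing corruption to an unprivileged process." and the two MAP_ANON lines) are text-identical as shown, so the change looks like whitespace only. Confirm that with a whitespace-visible diff before treating the hunk as a no-op.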
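Review bot: The context line in the second hunk (@@ -38,9 +38,9 @@), "Compression will be disabled on systems without a working mmap MAP_ANON", disagrees with the first hunk's "compression must be disabled in order for privilege separation to function". One wording says sshd disables compression itself, the other implies the administrator has to. The README should state which it is, so that an operator on such a system knows whether privsep silently depends on a configuration change. The PAM and "configuration." lines in this hunk are again text-identical between the removed and added sides.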