From f1596419c2717cb81dd4b676d5e0cf1a3e30e98c Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Tue, 22 Jul 2008 19:01:18 +0000
Subject: Properly flatten openssh/dist.

---
 crypto/openssh/README.privsep | 63 -------------------------------------------
 1 file changed, 63 deletions(-)
 delete mode 100644 crypto/openssh/README.privsep

(limited to 'crypto/openssh/README.privsep')

diff --git a/crypto/openssh/README.privsep b/crypto/openssh/README.privsep
deleted file mode 100644
index f565e72..0000000
--- a/crypto/openssh/README.privsep
+++ /dev/null
@@ -1,63 +0,0 @@
-Privilege separation, or privsep, is method in OpenSSH by which
-operations that require root privilege are performed by a separate
-privileged monitor process.  Its purpose is to prevent privilege
-escalation by containing corruption to an unprivileged process.
-More information is available at:
-	http://www.citi.umich.edu/u/provos/ssh/privsep.html
-
-Privilege separation is now enabled by default; see the
-UsePrivilegeSeparation option in sshd_config(5).
-
-On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
-compression must be disabled in order for privilege separation to
-function.
-
-When privsep is enabled, during the pre-authentication phase sshd will
-chroot(2) to "/var/empty" and change its privileges to the "sshd" user
-and its primary group.  sshd is a pseudo-account that should not be
-used by other daemons, and must be locked and should contain a
-"nologin" or invalid shell.
-
-You should do something like the following to prepare the privsep
-preauth environment:
-
-	# mkdir /var/empty
-	# chown root:sys /var/empty
-	# chmod 755 /var/empty
-	# groupadd sshd
-	# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
-
-/var/empty should not contain any files.
-
-configure supports the following options to change the default
-privsep user and chroot directory:
-
-  --with-privsep-path=xxx Path for privilege separation chroot
-  --with-privsep-user=user Specify non-privileged user for privilege separation
-
-Privsep requires operating system support for file descriptor passing.
-Compression will be disabled on systems without a working mmap MAP_ANON.
-
-PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, 
-HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
-
-On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
-part of privsep is supported.  Post-authentication privsep is disabled
-automatically (so you won't see the additional process mentioned below).
-
-Note that for a normal interactive login with a shell, enabling privsep
-will require 1 additional process per login session.
-
-Given the following process listing (from HP-UX):
-
-     UID   PID  PPID  C    STIME TTY       TIME COMMAND
-    root  1005     1  0 10:45:17 ?         0:08 /opt/openssh/sbin/sshd -u0
-    root  6917  1005  0 15:19:16 ?         0:00 sshd: stevesk [priv]
- stevesk  6919  6917  0 15:19:17 ?         0:03 sshd: stevesk@2
- stevesk  6921  6919  0 15:19:17 pts/2     0:00 -bash
-
-process 1005 is the sshd process listening for new connections.
-process 6917 is the privileged monitor process, 6919 is the user owned
-sshd process and 6921 is the shell process.
-
-$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $
-- 
cgit v1.1