From: Bennett Haselton bennett@peacefire.org
On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
UsePrivilegeSeparation
    Specifies whether sshd(8) separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is "yes".

OK. So it sounds like if you found a particular exploit in sshd that could *only* do certain things -- like write a file to an arbitrary location on disk -- then this privilege separation would prevent that exploit from being used to make the child process write somewhere that it didn't have privileges to write to.
Do a ps and look at the sshd tree. Example:

root  6014  0.0  0.1  97816  3760 ?      S   11:01  0:00  _ sshd: bob [priv]
bob   6029  0.0  0.0  97816  1796 ?      S   11:01  0:00  _ sshd: bob@pts/2
bob   6030  0.0  0.0 108392  1760 pts/2  Ss  11:01  0:00  _ -bash
The sshd child is running as bob; so it has bob (and not root) rights...
JD
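The process tree JD points at can be checked mechanically. The script below is an added example, not code from this thread: it reads "ps aux"-style lines (the sample is constructed to mirror the tree quoted above, plus a second session, "alice", whose network-facing child is owned by root with no [priv] monitor, the shape you would not want to see) and reports, per session, whether a root-owned "sshd: USER [priv]" monitor exists alongside a USER-owned "sshd: USER@pts/N" child. On a live host, feed it `ps aux` instead of the sample.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): verify the sshd
# privilege-separation shape for every interactive session visible in ps.
# SAMPLE_PS is constructed; the tree indicators ("_") of "ps auxf" are left
# out so that the command column starts at a fixed field.
SAMPLE_PS='root      6014  0.0  0.1  97816  3760 ?     S  11:01 0:00 sshd: bob [priv]
bob       6029  0.0  0.0  97816  1796 ?     S  11:01 0:00 sshd: bob@pts/2
bob       6030  0.0  0.0 108392  1760 pts/2 Ss 11:01 0:00 -bash
root      6120  0.0  0.0  97816  1796 ?     S  11:05 0:00 sshd: alice@pts/3'

# check_privsep: reads ps lines on stdin, prints "ok USER" or "BAD USER ..."
# per session, and returns 1 if any session's network-facing child is not
# running as the authenticated user with a root-owned [priv] monitor.
check_privsep() {
    awk '
        # $1 is the process owner; $11 is "sshd:" for sshd workers.
        # "sshd: NAME [priv]"  -> the root monitor for NAME
        # "sshd: NAME@pts/N"   -> the unprivileged, network-facing child
        $11 == "sshd:" && $13 == "[priv]" { priv[$12] = $1 }
        $11 == "sshd:" && $12 ~ /@/ {
            split($12, parts, "@"); sess[parts[1]] = $1
        }
        END {
            bad = 0
            for (u in sess) {
                if (sess[u] == u && priv[u] == "root") {
                    print "ok " u
                } else {
                    print "BAD " u ": child runs as " sess[u] \
                          ", monitor owner " (u in priv ? priv[u] : "none")
                    bad = 1
                }
            }
            exit bad
        }
    '
}

# Demonstration on the constructed sample: bob passes, alice is flagged.
printf '%s\n' "$SAMPLE_PS" | check_privsep || echo "privilege separation check FAILED"
```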