From: Bennett Haselton <bennett at peacefire.org>

> On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
>> UsePrivilegeSeparation
>> Specifies whether sshd(8) separates privileges by creating an
>> unprivileged child process to deal with incoming network traffic.
>> After successful authentication, another process will be created that
>> has the privilege of the authenticated user. The goal of privilege
>> separation is to prevent privilege escalation by containing any
>> corruption within the unprivileged processes. The default is
>> ``yes''.
>
> OK. So it sounds like if you found a particular exploit in sshd that
> could *only* do certain things -- like write a file to an arbitrary
> location on disk -- then this privilege separation would prevent that
> exploit from being used to make the child process write somewhere that
> it didn't have privileges to write to.

Do a ps and look at the sshd tree. Example:

root 6014 0.0 0.1  97816 3760 ?     S  11:01 0:00  \_ sshd: bob [priv]
bob  6029 0.0 0.0  97816 1796 ?     S  11:01 0:00      \_ sshd: bob at pts/2
bob  6030 0.0 0.0 108392 1760 pts/2 Ss 11:01 0:00          \_ -bash

The sshd child is running as bob; so it has bob (and not root) rights...

JD
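The "look at the sshd tree" check above can be scripted so that it is not done by eye. The following is an added example (not code from the thread) that reads ps-style output in the column order `user pid ppid args`, finds the per-session sshd children (the `sshd: user@pty` processes that exist once privilege separation has handed the session to the authenticated user), and reports whether each one actually runs as that user or is still root. The sample ps output is constructed for the example; the `alice` session is deliberately shown as still running as root to exercise the alert path.

```shell
#!/bin/sh
# Added example: verify sshd privilege separation from ps output.
# Input columns are assumed to be those of: ps -eo user,pid,ppid,args
# The sample below is constructed, not captured from a real host.
SAMPLE_PS='root      6014     1 sshd: bob [priv]
bob       6029  6014 sshd: bob@pts/2
bob       6030  6029 -bash
root      7001     1 sshd: alice [priv]
root      7002  7001 sshd: alice@pts/3'

# check_privsep PS_TEXT
# Prints one line per sshd session child ("sshd: user@pty"):
#   OK    <pid> <user@pty>                  when it runs as the session user
#   ALERT <pid> <user@pty> runs as <owner>  when it runs as someone else
# The "[priv]" monitor process is expected to be root and is skipped.
check_privsep() {
    printf '%s\n' "$1" | awk '
        $4 == "sshd:" && $5 ~ /@/ {
            # $5 looks like "bob@pts/2"; the part before @ is the session user
            split($5, parts, "@")
            sessuser = parts[1]
            if ($1 == sessuser) print "OK", $2, $5
            else print "ALERT", $2, $5, "runs as", $1
        }'
}

# Run against the constructed sample; on a live host use:
#   check_privsep "$(ps -eo user,pid,ppid,args)"
check_privsep "$SAMPLE_PS"
```

A `root@pts/N` session counts as OK, since the session user really is root there; the alert fires only when the owner of the session process differs from the user named in its argv, which is exactly the condition privilege separation is supposed to rule out.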