[CentOS] defense-in-depth possible for sshd?
John Doe
jdmls at yahoo.com
Tue Jan 10 13:16:00 UTC 2012
From: Bennett Haselton <bennett at peacefire.org>
> On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
>> UsePrivilegeSeparation
>> Specifies whether sshd(8) separates privileges by creating an
>> unprivileged child process to deal with incoming network traffic.
>> After successful authentication, another process will be created that
>> has the privilege of the authenticated user. The goal of privilege
>> separation is to prevent privilege escalation by containing any
>> corruption within the unprivileged processes. The default is
>> ``yes''.
> OK. So it sounds like if you found a particular exploit in sshd that
> could *only* do certain things -- like write a file to an arbitrary
> location on disk -- then this privilege separation would prevent that
> exploit from being used to make the child process write somewhere that
> it didn't have privileges to write to.
Do a ps and look at the sshd tree. Example:
root 6014 0.0 0.1 97816 3760 ? S 11:01 0:00 \_ sshd: bob [priv]
bob 6029 0.0 0.0 97816 1796 ? S 11:01 0:00 \_ sshd: bob@pts/2
bob 6030 0.0 0.0 108392 1760 pts/2 Ss 11:01 0:00 \_ -bash
The sshd child is running as bob; so it has bob (and not root) rights...
JD
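
The check described in the message above, as an added shell example that is not part of the original post: it reads `ps` output and confirms that each `sshd: user@tty` session process is owned by that user and has a root-owned `[priv]` monitor as its parent. The function names, the output format and the sample lines (apart from the three PIDs from the listing above) are constructed, and reporting a root-owned session for a non-root login as a finding is this example's assumption.

```sh
#!/bin/sh
# Added example. Input: one process per line as "USER PID PPID ARGS...", e.g.
#   ps -e -o user= -o pid= -o ppid= -o args= | check_sshd_privsep
# (ps may shorten long user names, which would show up here as a mismatch).
check_sshd_privsep() {
    awk '
    # Monitor process, e.g. "sshd: bob [priv]": remember owner and login by PID.
    $4 == "sshd:" && $6 == "[priv]" { mon[$2] = $1 " " $5; next }
    # Session process, e.g. "sshd: bob@pts/2".
    $4 == "sshd:" && $5 ~ /@/ {
        n++; owner[n] = $1; pid[n] = $2; ppid[n] = $3
        split($5, part, "@"); login[n] = part[1]
    }
    END {
        for (i = 1; i <= n; i++) {
            if (login[i] == "root") {   # a root session runs as root by definition
                printf "ROOT pid=%s login=root\n", pid[i]
                continue
            }
            why = ""
            if (owner[i] != login[i])
                why = "runs as " owner[i] ", not as the login user"
            else if (mon[ppid[i]] != "root " login[i])
                why = "parent is not a root-owned [priv] monitor for this login"
            if (why == "") {
                printf "OK pid=%s login=%s\n", pid[i], login[i]
            } else {
                printf "WARN pid=%s login=%s: %s\n", pid[i], login[i], why
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Constructed sample: PIDs 6014/6029/6030 mirror the listing above, the rest is made up.
sample_ps() {
    cat <<'EOF'
root 1200 1 /usr/sbin/sshd
root 6014 1200 sshd: bob [priv]
bob 6029 6014 sshd: bob@pts/2
bob 6030 6029 -bash
root 7001 1200 sshd: alice@pts/3
alice 7002 7001 -bash
EOF
}

sample_ps | check_sshd_privsep || true
```

The function exits non-zero when any session is reported as WARN, so it can be used from a monitoring job.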