[CentOS] defense-in-depth possible for sshd?

Tue Jan 10 13:16:00 UTC 2012
John Doe <jdmls at yahoo.com>

From: Bennett Haselton <bennett at peacefire.org>

> On 1/10/2012 2:02 AM, Adrian Sevcenco wrote:
>>  UsePrivilegeSeparation
>>  Specifies whether sshd(8) separates privileges by creating an 
>>  unprivileged child process to deal with incoming network traffic. 
>>  After successful authentication, another process will be created that 
>>  has the privilege of the authenticated user.  The goal of privilege 
>>  separation is to prevent privilege escalation by containing any 
>>  corruption within the unprivileged processes.  The default is 
> ``yes''. 
> OK.  So it sounds like if you found a particular exploit in sshd that 
> could *only* do certain things -- like write a file to an arbitrary 
> location on disk -- then this privilege separation would prevent that 
> exploit from being used to make the child process write somewhere that 
> it didn't have privileges to write to.

Do a ps and look at the sshd tree.  Example:
root      6014  0.0  0.1  97816  3760 ?        S    11:01   0:00  \_ sshd: bob [priv]
bob       6029  0.0  0.0  97816  1796 ?        S    11:01   0:00      \_ sshd: bob at pts/2 
bob       6030  0.0  0.0 108392  1760 pts/2    Ss   11:01   0:00          \_ -bash

The sshd child is running as bob; so it has bob (and not root) rights...

JD