- (djm) Update README.privsep; spotted by fries@

author: Damien Miller <djm@mindrot.org> 2002-06-22 00:45:50 +1000
committer: Damien Miller <djm@mindrot.org> 2002-06-22 00:45:50 +1000
commit: 263d68fc567c831e1e16d5c49efb4964ed144f64 (patch)
tree: fbe3833debc6238e4442f5dbc497c4833be176ac /README.privsep
parent: c7d6d5552160c657cb173105216cbfa5853c1eba (diff)
1 files changed, 10 insertions, 11 deletions
diff --git a/README.privsep b/README.privsep
index 89b9d0457..79ea62783 100644
--- a/README.privsep
+++ b/README.privsep
@@ -1,13 +1,12 @@
-Privilege separation, or privsep, is an experimental feature in
+Privilege separation, or privsep, is method in OpenSSH by which
-OpenSSH in which operations that require root privilege are performed
+operations that require root privilege are performed by a separate
-by a separate privileged monitor process.  Its purpose is to prevent
+privileged monitor process.  Its purpose is to prevent privilege
-privilege escalation by containing corruption to an unprivileged
+escalation by containing corruption to an unprivileged process.  
-process.  More information is available at:
+More information is available at:
        http://www.citi.umich.edu/u/provos/ssh/privsep.html
-Privilege separation is not enabled by default, and may be enabled by
+Privilege separation is now enabled by default; see the
-specifying "UsePrivilegeSeparation yes" in sshd_config; see the
+UsePrivilegeSeparation option in sshd_config(5).
-UsePrivilegeSeparation option in sshd(8).
 When privsep is enabled, the pre-authentication sshd process will
 chroot(2) to "/var/empty" and change its privileges to the "sshd" user
@@ -34,8 +33,8 @@ privsep user and chroot directory:
 Privsep requires operating system support for file descriptor passing
 and mmap(MAP_ANON).
-PAM-enabled OpenSSH is known to function with privsep on Linux and
+PAM-enabled OpenSSH is known to function with privsep on Linux.  
-Solaris 8.  It does not function on HP-UX with a trusted system
+It does not function on HP-UX with a trusted system
 configuration.  PAMAuthenticationViaKbdInt does not function with
 privsep.
@@ -54,4 +53,4 @@ process 1005 is the sshd process listening for new connections.
 process 6917 is the privileged monitor process, 6919 is the user owned
 sshd process and 6921 is the shell process.
-$Id: README.privsep,v 1.5 2002/05/22 01:02:15 djm Exp $
+$Id: README.privsep,v 1.6 2002/06/21 14:45:50 djm Exp $
author	Damien Miller <djm@mindrot.org>	2002-06-22 00:45:50 +1000
committer	Damien Miller <djm@mindrot.org>	2002-06-22 00:45:50 +1000
commit	263d68fc567c831e1e16d5c49efb4964ed144f64 (patch)
tree	fbe3833debc6238e4442f5dbc497c4833be176ac /README.privsep
parent	c7d6d5552160c657cb173105216cbfa5853c1eba (diff)

diff --git a/README.privsep b/README.privsep index 89b9d0457..79ea62783 100644 --- a/README.privsep +++ b/README.privsep
@@ -1,13 +1,12 @@
1	Privilege separation, or privsep, is an experimental feature in	1	Privilege separation, or privsep, is method in OpenSSH by which
2	OpenSSH in which operations that require root privilege are performed	2	operations that require root privilege are performed by a separate
3	by a separate privileged monitor process. Its purpose is to prevent	3	privileged monitor process. Its purpose is to prevent privilege
4	privilege escalation by containing corruption to an unprivileged	4	escalation by containing corruption to an unprivileged process.
5	process. More information is available at:	5	More information is available at:
6	http://www.citi.umich.edu/u/provos/ssh/privsep.html	6	http://www.citi.umich.edu/u/provos/ssh/privsep.html
7		7
8	Privilege separation is not enabled by default, and may be enabled by	8	Privilege separation is now enabled by default; see the
9	specifying "UsePrivilegeSeparation yes" in sshd_config; see the	9	UsePrivilegeSeparation option in sshd_config(5).
10	UsePrivilegeSeparation option in sshd(8).
11		10
12	When privsep is enabled, the pre-authentication sshd process will	11	When privsep is enabled, the pre-authentication sshd process will
13	chroot(2) to "/var/empty" and change its privileges to the "sshd" user	12	chroot(2) to "/var/empty" and change its privileges to the "sshd" user
@@ -34,8 +33,8 @@ privsep user and chroot directory:
34	Privsep requires operating system support for file descriptor passing	33	Privsep requires operating system support for file descriptor passing
35	and mmap(MAP_ANON).	34	and mmap(MAP_ANON).
36		35
37	PAM-enabled OpenSSH is known to function with privsep on Linux and	36	PAM-enabled OpenSSH is known to function with privsep on Linux.
38	Solaris 8. It does not function on HP-UX with a trusted system	37	It does not function on HP-UX with a trusted system
39	configuration. PAMAuthenticationViaKbdInt does not function with	38	configuration. PAMAuthenticationViaKbdInt does not function with
40	privsep.	39	privsep.
41		40
@@ -54,4 +53,4 @@ process 1005 is the sshd process listening for new connections.
54	process 6917 is the privileged monitor process, 6919 is the user owned	53	process 6917 is the privileged monitor process, 6919 is the user owned
55	sshd process and 6921 is the shell process.	54	sshd process and 6921 is the shell process.
56		55
57	$Id: README.privsep,v 1.5 2002/05/22 01:02:15 djm Exp $	56	$Id: README.privsep,v 1.6 2002/06/21 14:45:50 djm Exp $