author | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-12-20 00:22:52 +0000 |
commit | 971a7653746a6972b907dfe0ce139c06e4a6f482 (patch) | |
tree | 70fb964265d57ae4967be55b75dbb2a122e9b969 /README.privsep | |
parent | a8ed8d256b2e2c05b0c15565a7938028c5192277 (diff) | |
parent | 4a354fc231174901f2629437c2a6e924a2dd6772 (diff) |
Import openssh_7.4p1.orig.tar.gz
Diffstat (limited to 'README.privsep')
-rw-r--r-- | README.privsep | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/README.privsep b/README.privsep index f565e72da..2120544c7 100644 --- a/README.privsep +++ b/README.privsep | |||
@@ -8,10 +8,6 @@ More information is available at: | |||
8 | Privilege separation is now enabled by default; see the | 8 | Privilege separation is now enabled by default; see the |
9 | UsePrivilegeSeparation option in sshd_config(5). | 9 | UsePrivilegeSeparation option in sshd_config(5). |
10 | 10 | ||
11 | On systems which lack mmap or anonymous (MAP_ANON) memory mapping, | ||
12 | compression must be disabled in order for privilege separation to | ||
13 | function. | ||
14 | |||
15 | When privsep is enabled, during the pre-authentication phase sshd will | 11 | When privsep is enabled, during the pre-authentication phase sshd will |
16 | chroot(2) to "/var/empty" and change its privileges to the "sshd" user | 12 | chroot(2) to "/var/empty" and change its privileges to the "sshd" user |
17 | and its primary group. sshd is a pseudo-account that should not be | 13 | and its primary group. sshd is a pseudo-account that should not be |
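Review bot: The deletion at old lines 11-14 removes the caveat that compression must be disabled on systems lacking mmap or anonymous (MAP_ANON) memory mapping, and nothing in the remaining text says what replaced that constraint. The commit message ("Import openssh_7.4p1.orig.tar.gz") gives no reason either. If the restriction no longer applies to privilege separation, state that in the commit message or in one sentence of the README. If it still applies on some platforms, keep the paragraph, because an operator on such a system would otherwise have no hint why privsep fails with compression enabled.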
@@ -35,9 +31,6 @@ privsep user and chroot directory: | |||
35 | --with-privsep-path=xxx Path for privilege separation chroot | 31 | --with-privsep-path=xxx Path for privilege separation chroot |
36 | --with-privsep-user=user Specify non-privileged user for privilege separation | 32 | --with-privsep-user=user Specify non-privileged user for privilege separation |
37 | 33 | ||
38 | Privsep requires operating system support for file descriptor passing. | ||
39 | Compression will be disabled on systems without a working mmap MAP_ANON. | ||
40 | |||
41 | PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, | 34 | PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, |
42 | HP-UX (including Trusted Mode), Linux, NetBSD and Solaris. | 35 | HP-UX (including Trusted Mode), Linux, NetBSD and Solaris. |
43 | 36 | ||
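Review bot: Old line 38 ("Privsep requires operating system support for file descriptor passing.") is deleted together with the MAP_ANON compression sentence on old line 39, but the two statements are independent requirements. If privsep still depends on file descriptor passing, keep line 38 and drop only line 39. If the dependency is gone, say so explicitly, since porters read this section, right after the --with-privsep-path and --with-privsep-user options, to learn what the platform must provide.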
@@ -59,5 +52,3 @@ Given the following process listing (from HP-UX): | |||
59 | process 1005 is the sshd process listening for new connections. | 52 | process 1005 is the sshd process listening for new connections. |
60 | process 6917 is the privileged monitor process, 6919 is the user owned | 53 | process 6917 is the privileged monitor process, 6919 is the user owned |
61 | sshd process and 6921 is the shell process. | 54 | sshd process and 6921 is the shell process. |
62 | |||
63 | $Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $ | ||
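Review bot: Removing the "$Id: README.privsep,v 1.16 ..." line at old line 63 drops the only revision stamp visible in this file, so a reader of an installed copy can no longer tell which revision of the document they have. That is fine if revision keywords are being retired project-wide, but it is a separate change from the content edits above and deserves its own mention in the commit message.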