March 26th, 2003, 10:21 PM
What is "Privilege Separation"?
Today, I figured out why I couldn't connect to a computer using SSH, like I used to do. The SSH daemon wasn't running, so I tried to start it up again. It wouldn't, complaining about the lack of an sshd user. Once I created that, sshd started again, and my problems were over.
After I got sshd back up and running, I noticed that it was running as root, not as the user I had to create in order to get it running. How's that? I asked around a bit, and figured out it had something to do with something called "Privilege Separation." Looking for that on Google I found a bunch of links that said something about where it's used, but not what it is. Can someone give me some pointers?
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
March 26th, 2003, 10:39 PM
It is a security measure to keep unprivileged and privileged processes separate. The following quote is from http://www.citi.umich.edu/u/provos/cybersecurity/
Hope that helps-
Privilege Separation is a protection mechanism at the application level that separates the privileged code path from the unprivileged code path. An adversary interacts with the unprivileged part only; an exploitable programming error in the unprivileged code path does not lead to immediate privilege escalation.
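The quoted definition describes the mechanism in the abstract. The following is an added example, written for this thread, not code from OpenSSH or from the cited page: a privileged parent forks a child, the child drops to an unprivileged account before it touches anything an attacker could send, and the only way the child can get the parent to do privileged work is through a fixed-size request over a socketpair that the parent validates. The account name "nobody", the request/reply layout and the secret string are assumptions made for the example; privilege dropping is skipped when the program is not started as root so it can be run by an ordinary user.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* The only operation the unprivileged child may ask the parent to perform
 * (assumed for this example; a real daemon has a small, fixed set of these). */
enum { REQ_GET_SECRET = 1 };

struct request { int op; };
struct reply   { int status; char data[32]; };

/* Drop from root to the named unprivileged account. Returns 0 on success.
 * Does nothing when not started as root, so the example runs unprivileged too. */
static int drop_privileges(const char *user) {
    if (geteuid() != 0) return 0;
    struct passwd *pw = getpwnam(user);
    if (!pw) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* clear supplementary groups first */
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    if (setuid(0) == 0) return -1;            /* regaining root must now fail */
    return 0;
}

/* Privileged code path: runs only in the parent, never sees network input,
 * and accepts exactly one well-formed request. */
static void privileged_parent(int fd) {
    struct request req;
    struct reply rep;
    memset(&rep, 0, sizeof rep);
    if (read(fd, &req, sizeof req) != (ssize_t)sizeof req || req.op != REQ_GET_SECRET) {
        rep.status = -1;                      /* unknown or malformed: refuse */
    } else {
        rep.status = 0;
        strncpy(rep.data, "hostkey-material", sizeof rep.data - 1);  /* constructed secret */
    }
    if (write(fd, &rep, sizeof rep) != (ssize_t)sizeof rep) { /* peer gone; nothing else to do */ }
}

/* Unprivileged code path: in a real daemon this is where the attacker-reachable
 * protocol parsing lives. A bug here yields the "nobody" account, not root. */
static int unprivileged_child(int fd, const char *unpriv_user, int op) {
    if (drop_privileges(unpriv_user) != 0) return 2;
    struct request req = { op };
    struct reply rep;
    if (write(fd, &req, sizeof req) != (ssize_t)sizeof req) return 3;
    if (read(fd, &rep, sizeof rep) != (ssize_t)sizeof rep) return 4;
    return rep.status == 0 ? 0 : 5;           /* 5: parent refused the request */
}

/* Run both halves; returns the child's exit code (0 = request served). */
int privsep_demo(const char *unpriv_user, int op) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(sv[0]);
        _exit(unprivileged_child(sv[1], unpriv_user, op));
    }
    close(sv[1]);
    privileged_parent(sv[0]);
    close(sv[0]);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("valid request:   %d\n", privsep_demo("nobody", REQ_GET_SECRET));
    printf("bogus request:   %d\n", privsep_demo("nobody", 99));
    return 0;
}
```

The point of the split is visible in the two return codes: the parent serves the one request it understands and refuses everything else, so an attacker who fully controls the child still only gets to speak this tiny protocol to the root process. This is also why sshd still shows up running as root while the user you created only ever owns the short-lived child.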
March 27th, 2003, 02:57 AM
It's a hack that the OpenSSH team made when they discovered that they had a remotely exploitable vulnerability, and they somehow needed to fix it without revealing to would-be attackers which piece of the sizeable code it was in.
So they made a fairly generic fix, and surreptitiously released it as a "feature". Subsequently, when the bug came to light, people were initially told to simply turn this dormant feature on until a full patch was released (which fixed the bug, but in doing so gave the attackers enough information to exploit it).
Clearly the likes of Microsoft with their closed-source software can surreptitiously fix security holes they hope no one's spotted (assuming they find them first) and then pretend they never existed (unless they're rediscovered).
This was the open source people trying to do their best at doing the same.