What is "Privilege Separation"?

  1. #1
    Hi mom!
    Join Date
    Aug 2001

    What is "Privilege Separation"?

    Today, I figured out why I couldn't connect to a computer using SSH, like I used to do. The SSH Daemon wasn't running, so I tried to start it up again. It wouldn't, complaining about the lack of an sshd user. Once I created that, sshd started again, and my problems were over.

    After I got sshd back up and running, I noticed that it was running as root, not as the user I had to create in order to get it running. How's that? I asked around a bit, and figured out it had something to do with something called "Privilege Separation." Looking for that on Google I found a bunch of links that said something about where it's used, but not what it is. Can someone give me some pointers?
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  2. #2
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    It is a security measure to keep unprivileged and privileged processes separate. The following quote is from http://www.citi.umich.edu/u/provos/cybersecurity/

    Privilege Separation is a protection mechanism at the application level that separates the privileged code path from the unprivileged code path. An adversary interacts with the unprivileged part only; an exploitable programming error in the unprivileged code path does not lead to immediate privilege escalation.
    Hope that helps-
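
The quoted definition above, as an added C sketch that is not part of the thread and is not OpenSSH's code: a privileged monitor forks a child that handles the untrusted input, and the child can only send one narrow request back over a socket pair. The names `privsep_auth`, `monitor_check`, `drop_id` and the secret value are hypothetical and constructed for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: expose setgroups() */
#endif
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAXPW 32

/* Privileged side: the only code that can see the secret (constructed value). */
static int monitor_check(const char *pw, size_t len) {
    static const char secret[] = "correct horse";
    return len == sizeof secret - 1 && memcmp(pw, secret, len) == 0;
}

/* Unprivileged side: parses attacker-controlled bytes and holds no secrets. */
static void child(int fd, const char *untrusted, uid_t drop_id) {
    char verdict = 0;
    /* Drop root before touching input; drop_id 0 skips this (non-root demo). */
    if (drop_id != 0 &&
        (setgroups(0, NULL) || setgid(drop_id) || setuid(drop_id)))
        _exit(1);                            /* a failed drop must be fatal */
    size_t len = strlen(untrusted);
    if (len == 0 || len > MAXPW) _exit(1);   /* rejected here, monitor never asked */
    if (write(fd, untrusted, len) != (ssize_t)len) _exit(1);
    if (read(fd, &verdict, 1) != 1) _exit(1);
    _exit(verdict ? 0 : 1);
}

/* Returns 1 only when the monitor itself approved the request; fails closed. */
int privsep_auth(const char *untrusted, uid_t drop_id) {
    int sv[2], ok = 0;
    char buf[MAXPW], verdict;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return 0; }
    if (pid == 0) { close(sv[0]); child(sv[1], untrusted, drop_id); }
    close(sv[1]);
    ssize_t n = read(sv[0], buf, sizeof buf);   /* 0 = child quit without asking */
    if (n > 0) {
        verdict = (char)monitor_check(buf, (size_t)n);
        ok = write(sv[0], &verdict, 1) == 1 && verdict;
    }
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return ok;
}
```

Run as root with a nonzero `drop_id` (the id of a dedicated account, like the `sshd` user from the first post) to exercise the real privilege drop; the parent stays privileged while the child does not, which is why the daemon still shows up as root.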

  3. #3
    Senior Member
    Join Date
    Jan 2002
    It's a hack that the OpenSSH team made when they discovered that they had a remotely exploitable vulnerability, and they somehow needed to fix it without revealing to would-be attackers which piece of the sizeable code it was in.

    So they made a fairly generic fix, and surreptitiously released it as a "feature". Subsequently when the bug came to light, people were initially told to simply turn this dormant feature on until a full patch was released (which fixed the bug, but in doing so gave the attackers enough information to exploit it).

    Clearly the likes of Microsoft with their closed-source software can surreptitiously fix security holes they hope no-one's spotted (assuming they find them first) and then pretend they never existed (unless they're rediscovered).

    This was the open source people trying to do their best at doing the same.
