The goal of this work is complete privilege separation within in OpenSSH. Privilege separation uses two processes: The privileged parent process that monitors the progress of the unprivileged child process. The child process is unprivileged and the only process that processes . . .
The goal of this work is complete privilege separation within in OpenSSH. Privilege separation uses two processes: The privileged parent process that monitors the progress of the unprivileged child process. The child process is unprivileged and the only process that processes network data. The privileged parent can be modelled by a very small finite-state machine so that it is easy to reason about the code that is being executed with privileges.
A well defined interface between privileged parent and unprivileged child allows the child to delegate operations that require privileges to the parent. Successful authentication is determined by the parent process.