Hi All,
Sorry to interrupt, but I recently downloaded and installed a
pre-compiled package of OpenSSH 3.9p1 for Solaris.
After installation everything seems to work well, but I notice that all
of the child sshd daemons are running with a flag '-R' i.e.
sh-3.00# ps -ef | grep sshd
root 475 1 0 13:45:23 ? 0:00 /usr/local/sbin/sshd -4
root 643 475 0 14:10:55 ? 0:00 /usr/local/sbin/sshd -4 -R
robb 645 643 0 14:11:02 ? 0:06 /usr/local/sbin/sshd -4 -R
root 1015 475 0 15:09:25 ? 0:00 /usr/local/sbin/sshd -4 -R
Why is that? (the -4 option I added myself, in the startup file).
The -R doesn't seem to be documented anywhere and the archives of this
list didn't reveal anything obvious.
Have I mis-configured something? I wonder if there is a problem with
privilege seperation - I wasn't expecting to see so many processes
running as root.
There is this code in sshd.c - But I cannot guess at its purpose:
"sshd.c" line 1195 of 2021:
...
if (rexec_flag) {
rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2));
for (i = 0; i < rexec_argc; i++) {
debug("rexec_argv[%d]='%s'", i,
saved_argv[i]);
rexec_argv[i] = saved_argv[i];
}
rexec_argv[rexec_argc] = "-R";
rexec_argv[rexec_argc + 1] = NULL;
}
...
I'm running this on Solaris 9, to be exact:
bash-3.00# uname -a
SunOS chamonix 5.9 Generic_117171-15 sun4u sparc SUNW,Ultra-5_10
bash-3.00# /usr/local/sbin/sshd -V
sshd: illegal option -- V
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
--
Yours,
Robb.
+-----------------------------------------------+
| "Tell me about windows." |
| "Well it's only temporary, you understand." |
| |
| Wendolene & Wallace. |
| A Close Shave. ? 1995 Wallace & Gromit Ltd. |
+-----------------------------------------------+
Robert Watson wrote:> After installation everything seems to work well, but I notice that all > of the child sshd daemons are running with a flag '-R' i.e.[...]> Why is that? (the -4 option I added myself, in the startup file). > > The -R doesn't seem to be documented anywhere and the archives of this > list didn't reveal anything obvious.Starting with 3.9x, sshd will re-exec itself for every connection. This means that any exec-time process randomization (eg library offsets, propolice canaries) will be different for each connection. (For a thorough overview of what OpenBSD does, see [1]. Most platforms don't have these, however this will hopefully change over time, for example if the propolice patches get integrated into gcc). sshd needs to do some things a little differently after it's re-execed itself. -R is an internal flag that causes those changes in behaviour.> Have I mis-configured something? I wonder if there is a problem with > privilege seperation - I wasn't expecting to see so many processes > running as root.No, it looks normal. When PrivilegeSeparation is enabled, you will have two sshds per connected user (with the exception of root logins), one running as root (the "monitor") and one running as the logged-in user (the "slave"). [1] http://www.openbsd.org/papers/auug04/ -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.