diff options
| author | Niels Provos <provos@cvs.openbsd.org> | 2002-03-18 17:59:10 +0000 |
|---|---|---|
| committer | Niels Provos <provos@cvs.openbsd.org> | 2002-03-18 17:59:10 +0000 |
| commit | 6d72b8b37a2144c13c59dd521c2299580049d795 (patch) | |
| tree | 3fce934ca3d9a8b2c30aa583c010ffd9eaaa4fea /usr.bin | |
| parent | f64efeaeb4c66968532b2c68fd9111bb7540c114 (diff) | |
document UsePrivilegeSeparation
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/sshd.8 | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index b286376a7ee..52bc1b19458 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.171 2002/03/18 17:53:08 provos Exp $ +.\" $OpenBSD: sshd.8,v 1.172 2002/03/18 17:59:09 provos Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -831,7 +831,19 @@ will be disabled because .Xr login 1 does not know how to handle .Xr xauth 1 -cookies. +cookies. If +.Cm UsePrivilegeSeparation +is specified, it will be disabled after authentication. +.It Cm UsePrivilegeSeparation +Specifies whether +.Nm +separated privileges by creating an unprivileged child process +to deal with incoming network traffic. After successful authentication, +another process will be created that has the privilege of the authenticated +user. The goal of privilege separation is to prevent privilege +escalation by containing any corruption within the unprivileged processes. +The default is +.Dq no . .It Cm VerifyReverseMapping Specifies whether .Nm |