- provos@cvs.openbsd.org 2002/03/18 17:59:09

[sshd.8]
     document UsePrivilegeSeparation

ChangeLog

@@ -68,6 +68,9 @@
    - provos@cvs.openbsd.org 2002/03/18 17:53:08
      [sshd.8]
      credits for privsep
+   - provos@cvs.openbsd.org 2002/03/18 17:59:09
+     [sshd.8]
+     document UsePrivilegeSeparation
 
 20020317
  - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
@@ -7914,4 +7917,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1944 2002/03/22 02:33:12 mouring Exp $
+$Id: ChangeLog,v 1.1945 2002/03/22 02:37:50 mouring Exp $

sshd.8

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.171 2002/03/18 17:53:08 provos Exp $
+.\" $OpenBSD: sshd.8,v 1.172 2002/03/18 17:59:09 provos Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -839,7 +839,19 @@ will be disabled because
 .Xr login 1
 does not know how to handle
 .Xr xauth 1
-cookies.
+cookies.  If
+.Cm UsePrivilegeSeparation
+is specified, it will be disabled after authentication.
+.It Cm UsePrivilegeSeparation
+Specifies whether
+.Nm
+separated privileges by creating an unprivileged child process
+to deal with incoming network traffic.  After successful authentication,
+another process will be created that has the privilege of the authenticated
+user.  The goal of privilege separation is to prevent privilege
+escalation by containing any corruption within the unprivileged processes.
+The default is
+.Dq no .
 .It Cm VerifyReverseMapping
 Specifies whether
 .Nm