Comment by cenamus
2 hours ago
Did anyone look into whether OpenBSD has privilege separated sshd enough for that exploit to not be possible?
2 hours ago
Did anyone look into whether OpenBSD has privilege separated sshd enough for that exploit to not be possible?
OpenBSD exposes pledge() and unveil(), which allow programs to only access things they declare they need. So, even if the running SSH process gets exploited, it can't do anything the user it's running as can't do. sshd afaik runs as a root process which after authentication forks into another process, running as the target user.