Date: Tue, 25 Jun 2002 04:48:14 -0600 (MDT)
From: Brett Glass
Message-Id: <200206251048.EAA23742@lariat.org>
To: freebsd-security@FreeBSD.ORG, klaus@compt.com
Subject: Re: all this talk of privilege separation ...
In-Reply-To: <20020625063412.U589@cthulu.compt.com>

Privilege separation is an architecture that implements the "principle of minimum privilege" with relatively fine granularity. Apache does it when the master process spawns a pool of unprivileged worker processes. OpenSSH with privilege separation does something similar: It forks tasks with no privilege to handle network traffic and tasks that require no privilege, leaving a small "master" task to handle what must be done at an elevated privilege.

--Brett Glass
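The split described in the message above, sketched as an added example (not part of the original post, and not OpenSSH or Apache code): a forked worker drops root and parses the untrusted input, while a small monitor keeps privilege and re-validates every request it receives over a socketpair. The function names, the `USER <name>` request format, uid/gid 65534 for the unprivileged account, and the `"alice"` lookup standing in for a root-only operation are all assumptions made for illustration.

```c
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534  /* assumption: uid/gid of the unprivileged account */

/* Worker: give up root for good. Group list and gid go first, uid last. */
static int drop_privs(void) {
    if (geteuid() != 0) return 0;               /* not root: nothing to drop */
    gid_t g = UNPRIV_ID;
    if (setgroups(1, &g) || setgid(g) || setuid(UNPRIV_ID)) return -1;
    return setuid(0) == 0 ? -1 : 0;             /* regaining root must fail */
}

/* Monitor: the only code that keeps privilege; it trusts nothing it is sent. */
static int monitor_allows(const char *req) {
    size_t n = strlen(req);
    if (n == 0 || n > 16) return 0;
    for (size_t i = 0; i < n; i++)
        if (req[i] < 'a' || req[i] > 'z') return 0;
    return strcmp(req, "alice") == 0;           /* stand-in for a root-only lookup */
}

/* Returns 1 if the monitor approved, 0 if it refused, -1 on error. */
int privsep_handle(const char *untrusted) {
    int sv[2], st;
    char buf[64] = {0}, verdict = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                             /* worker: handles network input */
        close(sv[0]);
        if (drop_privs() < 0) _exit(1);         /* never parse input while root */
        const char *p = strncmp(untrusted, "USER ", 5) ? "?" : untrusted + 5;
        size_t len = strlen(p) > 62 ? 62 : strlen(p);
        if (write(sv[1], p, len + 1) < 0 || read(sv[1], &verdict, 1) != 1) _exit(1);
        _exit(verdict == 'Y' ? 0 : 2);
    }
    close(sv[1]);                               /* monitor: small, privileged */
    ssize_t n = read(sv[0], buf, sizeof buf - 1);
    verdict = (n > 0 && monitor_allows(buf)) ? 'Y' : 'N';
    if (write(sv[0], &verdict, 1) != 1) verdict = 'N';
    close(sv[0]);
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 0 ? 1 : WEXITSTATUS(st) == 2 ? 0 : -1;
}
```

A compromised worker can only send bytes to the monitor, so the monitor's own validation, not the worker's parsing, is what bounds the damage.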