A question about OpenSSH_3.4p1 on Solaris 8
Damien Miller
djm at mindrot.org
Sat Oct 26 14:29:46 EST 2002
On Sat, 2002-10-26 at 03:50, William R. Knox wrote:
> I assume that the CPU overhead of splitting the processing into the two
> separate processes involves only the communication between the processes,
> given that the root process only handled things that have to be handled by
> root and the user-owned process takes care of everything else - therefore,
> there should be VERY little increased load as a result of privilege
> separation (which you can turn off as well, if you like) and only a
> limited additional memory use (for the additional process). Worth it for
> the protection, I think.
Yes, the root-owned process is only called upon for things which require
root privileges (e.g. pty allocation). Most of the time the only
overhead is a process slot.
-d
More information about the openssh-unix-dev
mailing list