Privilege separation example - OpenSSH


OpenSSH started in 1999. In 2002, privilege separation was added.

It operates largely inside a chroot, split into separate processes.

One process is the pre-auth checker. Sandboxing support for it arrived in 2011,
using the systrace-based sandbox on OpenBSD. The only system calls permitted are

    clock_gettime() close() getentropy() getpid() gettimeofday()
    madvise() mmap() mprotect() mquery() munmap() open() poll()
    read() select() sendsyslog() shutdown() sigprocmask() write()

(this takes 150 lines of nasty, complicated code)

Exceed those rules and the process gets killed.
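Added illustration, not OpenSSH's own code (which on OpenBSD used systrace, as the notes say): a Linux seccomp-BPF sandbox of the same shape, where the syscall list above, translated to Linux names where an equivalent exists, becomes the allowlist and a forked child that strays outside it is killed by the kernel. It assumes an x86_64 or aarch64 Linux host with seccomp enabled; the getpid/getuid probes and the exit_group entry are my additions, not from the page.

```c
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __aarch64__
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#define SANDBOX_ARCH AUDIT_ARCH_X86_64 /* assumption: x86_64 or aarch64 Linux host */
#endif
/* Constructed allowlist: the page's OpenBSD list mapped to Linux names where one exists (getentropy ->
 * getrandom, sigprocmask -> rt_sigprocmask; mquery/sendsyslog have none), plus exit_group so the child can exit. */
static const int allowed[] = { SYS_clock_gettime, SYS_close, SYS_getrandom, SYS_getpid, SYS_gettimeofday,
    SYS_madvise, SYS_mmap, SYS_mprotect, SYS_munmap, SYS_read, SYS_shutdown, SYS_rt_sigprocmask, SYS_write,
    SYS_exit_group,
#ifdef SYS_open /* x86_64 only; aarch64 has openat, ppoll and pselect6 instead */
    SYS_open, SYS_poll, SYS_select,
#endif
};
static struct sock_filter prog[64]; static size_t nprog;
#define EMIT(code, jt, jf, k) (prog[nprog++] = (struct sock_filter){ (code), (jt), (jf), (k) })
/* Classic BPF: KILL on a foreign arch, load the syscall nr, jump to ALLOW if listed, else fall through to KILL. */
size_t build_filter(void) {
    size_t i, n = sizeof allowed / sizeof *allowed; nprog = 0;
    EMIT(BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, arch));
    EMIT(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, SANDBOX_ARCH);
    EMIT(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL);
    EMIT(BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++) EMIT(BPF_JMP | BPF_JEQ | BPF_K, (unsigned char)(n - i), 0, (unsigned)allowed[i]);
    EMIT(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL);
    EMIT(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_ALLOW);
    return nprog;
}
/* Fork, sandbox the child, issue one allowed (getpid) or forbidden (getuid) syscall: 0 = exited, 1 = SIGSYS, -1 = error */
int run_probe(int do_forbidden) {
    struct sock_fprog fp = { .len = (unsigned short)build_filter(), .filter = prog };
    pid_t pid = fork(); if (pid < 0) return -1;
    if (pid == 0) { /* NO_NEW_PRIVS lets an unprivileged process install the filter */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp)) _exit(2);
        _exit(syscall(do_forbidden ? SYS_getuid : SYS_getpid) < 0 ? 3 : 0);
    }
    int status; if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Real sshd filters are longer because they must also restrict arguments (for example which ioctl or socket calls are allowed), which is the "nasty complicated" part the notes refer to.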