sshd(8) splitting continues
by from OpenBSD Journal on (#6RESA)
The work of improving ssh security by segregating functionality into separate binaries continues, this time by introducing sshd-auth as a separate binary.
The commit message summarizes why this makes sense:
Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after the authentication phase completes.
The code is in snapshots as we type.