(LiveHacking.Com) – The OpenSSH project has announced the release of OpenSSH 5.9. OpenSSH is a complete implementation of the SSH protocol (versions 1.3, 1.5 and 2.0) and includes sftp client and server support.
This version adds several new features, including new SHA-2 based HMAC transport integrity modes (hmac-sha2-256 and hmac-sha2-512, plus their 96-bit truncated forms hmac-sha2-256-96 and hmac-sha2-512-96). The biggest new feature, however, is sandboxing of the pre-authentication privilege-separated child process, enabled with the new "UsePrivilegeSeparation sandbox" setting in sshd_config. In this mode mandatory restrictions are placed on the system calls the child process can perform; on OpenBSD the sandbox is implemented with systrace(4). The intention is to prevent a compromised privilege-separated child from being used to attack other hosts (by opening sockets and proxying) or from probing the local kernel attack surface.
It is worth noting that sandboxing of the privilege-separated child is currently experimental, but the OpenSSH developers intend it to become the default in a future release.
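The following POSIX shell functions are an added example, not code from the original article or from the OpenSSH project: they audit an sshd_config for the two 5.9 features described above (the effective UsePrivilegeSeparation mode and whether the MACs list offers a SHA-2 HMAC) and check an "ssh -V" style banner for a version of 5.9 or newer. The sample configuration and the banners are constructed for this example; the parser assumes plain "Keyword value" lines with '#' comments and no Match blocks, and applies sshd's own first-occurrence-wins rule.

```shell
#!/bin/sh
# Added example: audit an sshd_config for OpenSSH 5.9 features.
# Assumptions (not from the article): config lines are "Keyword value",
# keywords are case-insensitive, '#' starts a comment, no Match blocks.

# Print the effective value of a keyword (first occurrence wins, as in sshd),
# or "<default>" when the keyword is not set at all.
sshd_conf_get() {
    conf="$1"; key="$2"
    val=$(awk -v k="$key" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments, blanks
        tolower($1) == tolower(k) {
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "")   # drop keyword
            sub(/[[:space:]]+$/, "")                            # trim trailing ws
            print; exit
        }' "$conf")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '<default>\n'; fi
}

# Privilege separation mode in lower case: "sandbox", "yes", "no" or "<default>".
sshd_privsep_mode() {
    sshd_conf_get "$1" UsePrivilegeSeparation | tr 'A-Z' 'a-z'
}

# Return 0 if an explicit MACs list names a full-length SHA-2 HMAC
# (hmac-sha2-256 or hmac-sha2-512), 1 if it does not, 2 if MACs is unset
# (the server default applies; this example does not judge the default list).
sshd_macs_offer_sha2() {
    macs=$(sshd_conf_get "$1" MACs)
    [ "$macs" = "<default>" ] && return 2
    printf '%s\n' "$macs" | tr ',' '\n' | grep -qxE 'hmac-sha2-(256|512)'
}

# Return 0 if a banner such as "OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011"
# (what "ssh -V" prints, and what a peer sees in the version exchange)
# is OpenSSH 5.9 or newer, 1 if older, 2 if it is not an OpenSSH banner.
openssh_at_least_5_9() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                     # $1 = major, $2 = minor
    if [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 9 ]; }; then return 0; fi
    return 1
}

# Constructed sample sshd_config for the demo (not taken from any real host).
write_sample_config() {
    cat > "$1" <<'EOF'
# sshd_config fragment constructed for this example
Port 22
Protocol 2
#UsePrivilegeSeparation yes
UsePrivilegeSeparation sandbox
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
EOF
}

# Demo run against the constructed file.
tmp="${TMPDIR:-/tmp}/sshd_config.sample.$$"
write_sample_config "$tmp"
printf 'privsep mode: %s\n' "$(sshd_privsep_mode "$tmp")"
if sshd_macs_offer_sha2 "$tmp"; then echo "MACs: SHA-2 HMAC offered"; else echo "MACs: no SHA-2 HMAC listed"; fi
for banner in "OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011" "OpenSSH_5.9p1, OpenSSL 1.0.0e 6 Sep 2011"; do
    if openssh_at_least_5_9 "$banner"; then echo "$banner: sandbox-capable"; else echo "$banner: predates 5.9"; fi
done
rm -f "$tmp"
```

The version check only tells you the release is new enough to offer the sandbox; because the mode is optional in 5.9, the config check is what confirms it is actually turned on.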
Since OpenSSH is developed primarily for OpenBSD, the project has a dedicated porting team which takes the OpenBSD version and adds portability code so that OpenSSH can run on many other operating systems (including Linux and OS X). Portable OpenSSH follows development of the official version, but its releases are not necessarily synchronized with it. Portable releases are marked with a 'p' (e.g. 5.9p1). The 5.9 release includes both the OpenBSD version and the portable version.