1. 7

  2. [Comment removed by author]

    1. 1

      sshd used to be a large monolithic daemon. Privsep was retrofitted into it, but the original design didn’t necessarily perform tasks in an orderly fashion. If you’re running with full root privileges, you can do what you want when you want.

      A new from-scratch design would be more disciplined about which component performs which operation, the privileges required, etc.