The OpenSSH development team has announced the release of version 5.9 of its open source SSH (Secure Shell) implementation. Compared to the OpenSSH 5.8 release from 7 months ago, which was primarily a security update, the latest update brings a wider variety of changes, including new SHA256-based HMAC (Hash-based Message Authentication Code) transport integrity modes.
To prevent a compromised privsep (privilege separation) child from being used to attack other hosts, sandboxing has been introduced through an optional mode that enables mandatory restrictions on the system calls (syscalls) which the privsep child can perform. The developers note that the sandboxing of the privsep child process is "currently experimental but should become the default in a future release".
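As an added example (not part of the original article or the OpenSSH project's code), the following sketch audits the global section of an `sshd_config` for the two features described above. It assumes the option spellings from the OpenSSH 5.9 release notes, `UsePrivilegeSeparation sandbox` and the `hmac-sha2-256` MAC name; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample sshd_config (not from the article). The later
# "sandbox" line is ignored because sshd uses the first value it reads.
SAMPLE_CONFIG = """\
Protocol 2
usePrivilegeSeparation yes
MACs hmac-md5,hmac-sha1,hmac-sha2-256
UsePrivilegeSeparation sandbox
Match User backup
    MACs hmac-sha1
"""

def parse_global(text):
    """Return {lowercased keyword: value} for lines before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts "Keyword value" and "Keyword=value".
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                       # conditional blocks are out of scope here
        opts.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return a list of findings; an empty list means both features are enabled."""
    opts = parse_global(text)
    findings = []
    # Assumption: an unset option is treated as "yes" (privsep without sandbox).
    privsep = opts.get("useprivilegeseparation", "yes").lower()
    if privsep != "sandbox":
        findings.append(f"privsep child not sandboxed (UsePrivilegeSeparation={privsep})")
    macs = opts.get("macs")
    if macs is None:
        findings.append("MACs not set; server default list applies")
    elif not any(m.strip().startswith("hmac-sha2-256") for m in macs.split(",")):
        findings.append("no SHA256-based HMAC in MACs")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The sample is flagged even though it contains a `sandbox` line, because the earlier `yes` value takes precedence.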

The link for this article located at H Security is no longer available.