svn commit: r252340 - stable/8/crypto/openssh
Dag-Erling Smørgrav
des at FreeBSD.org
Fri Jun 28 10:21:50 UTC 2013
Author: des
Date: Fri Jun 28 10:21:49 2013
New Revision: 252340
URL: http://svnweb.freebsd.org/changeset/base/252340
Log:
MFH (r251088, r252338): revert default privsep setting to "yes"
Modified:
stable/8/crypto/openssh/servconf.c
stable/8/crypto/openssh/sshd_config
stable/8/crypto/openssh/sshd_config.5
Directory Properties:
stable/8/crypto/openssh/ (props changed)
Modified: stable/8/crypto/openssh/servconf.c
==============================================================================
--- stable/8/crypto/openssh/servconf.c Fri Jun 28 09:55:00 2013 (r252339)
+++ stable/8/crypto/openssh/servconf.c Fri Jun 28 10:21:49 2013 (r252340)
@@ -294,7 +294,7 @@ fill_default_server_options(ServerOption
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
/* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = PRIVSEP_ON;
+ use_privsep = PRIVSEP_NOSANDBOX;
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
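Review bot: the comment directly above the changed assignment in fill_default_server_options() still reads "Turn privilege separation on by default", which no longer tells the reader which mode is selected now that the fallback is PRIVSEP_NOSANDBOX instead of PRIVSEP_ON. Suggest rewording it, for example to "Turn privilege separation on (without sandbox) by default", so the code reads consistently with the "yes" default shown in sshd_config and sshd_config.5.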
Modified: stable/8/crypto/openssh/sshd_config
==============================================================================
--- stable/8/crypto/openssh/sshd_config Fri Jun 28 09:55:00 2013 (r252339)
+++ stable/8/crypto/openssh/sshd_config Fri Jun 28 10:21:49 2013 (r252340)
@@ -102,7 +102,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation sandbox
+#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
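Review bot: the commented default at line 105 now shows "yes", which matches the PRIVSEP_NOSANDBOX fallback in servconf.c, but the sample file gives no hint that "sandbox" was the value shown here before this change. A one-line comment next to the entry would help administrators who want the previous behaviour to set it explicitly rather than rely on the default.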
Modified: stable/8/crypto/openssh/sshd_config.5
==============================================================================
--- stable/8/crypto/openssh/sshd_config.5 Fri Jun 28 09:55:00 2013 (r252339)
+++ stable/8/crypto/openssh/sshd_config.5 Fri Jun 28 10:21:49 2013 (r252340)
@@ -1095,7 +1095,7 @@ the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq sandbox .
+.Dq yes .
If
.Cm UsePrivilegeSeparation
is set to
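Review bot: the default in this paragraph changes from "sandbox" to "yes" with no accompanying explanation, and the log message says only that the setting is reverted. Since the surrounding text is about containing corruption within the unprivileged processes, consider adding a sentence here stating why this branch defaults to "yes", so the man page itself records the reason for the choice.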