svn commit: r261340 - head/crypto/openssh
Dag-Erling Smørgrav
des at FreeBSD.org
Sat Feb 1 00:07:17 UTC 2014
Author: des
Date: Sat Feb 1 00:07:16 2014
New Revision: 261340
URL: http://svnweb.freebsd.org/changeset/base/261340
Log:
Turn sandboxing on by default.
Modified:
head/crypto/openssh/servconf.c
head/crypto/openssh/sshd_config
head/crypto/openssh/sshd_config.5
Modified: head/crypto/openssh/servconf.c
==============================================================================
--- head/crypto/openssh/servconf.c Fri Jan 31 23:44:54 2014 (r261339)
+++ head/crypto/openssh/servconf.c Sat Feb 1 00:07:16 2014 (r261340)
@@ -314,7 +314,7 @@ fill_default_server_options(ServerOption
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
/* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = PRIVSEP_NOSANDBOX;
+ use_privsep = PRIVSEP_ON;
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
Modified: head/crypto/openssh/sshd_config
==============================================================================
--- head/crypto/openssh/sshd_config Fri Jan 31 23:44:54 2014 (r261339)
+++ head/crypto/openssh/sshd_config Sat Feb 1 00:07:16 2014 (r261340)
@@ -110,7 +110,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation yes
+#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
Modified: head/crypto/openssh/sshd_config.5
==============================================================================
--- head/crypto/openssh/sshd_config.5 Fri Jan 31 23:44:54 2014 (r261339)
+++ head/crypto/openssh/sshd_config.5 Sat Feb 1 00:07:16 2014 (r261340)
@@ -1227,7 +1227,7 @@ the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq yes .
+.Dq sandbox .
If
.Cm UsePrivilegeSeparation
is set to
More information about the svn-src-head
mailing list