Author: des
Date: Fri Jun 28 10:21:49 2013
New Revision: 252340
URL: http://svnweb.freebsd.org/changeset/base/252340

Log:
  MFH (r251088, r252338): revert default privsep setting to "yes"

Modified:
  stable/8/crypto/openssh/servconf.c
  stable/8/crypto/openssh/sshd_config
  stable/8/crypto/openssh/sshd_config.5
Directory Properties:
  stable/8/crypto/openssh/   (props changed)

Modified: stable/8/crypto/openssh/servconf.c
==============================================================================
--- stable/8/crypto/openssh/servconf.c  Fri Jun 28 09:55:00 2013        
(r252339)
+++ stable/8/crypto/openssh/servconf.c  Fri Jun 28 10:21:49 2013        
(r252340)
@@ -294,7 +294,7 @@ fill_default_server_options(ServerOption
                options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
-               use_privsep = PRIVSEP_ON;
+               use_privsep = PRIVSEP_NOSANDBOX;
 
 #ifndef HAVE_MMAP
        if (use_privsep && options->compression == 1) {
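Review bot: the comment `/* Turn privilege separation on by default */` directly above the changed assignment no longer says which mode is selected. With `use_privsep = PRIVSEP_NOSANDBOX` the compiled-in default is privilege separation without the sandbox, and a reader who sees only the comment would not know that. Suggest rewording it to say so, for example "Turn privilege separation on by default, without sandboxing", so the code reads the same way as the "yes" default named in the log message and in sshd_config.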

Modified: stable/8/crypto/openssh/sshd_config
==============================================================================
--- stable/8/crypto/openssh/sshd_config Fri Jun 28 09:55:00 2013        
(r252339)
+++ stable/8/crypto/openssh/sshd_config Fri Jun 28 10:21:49 2013        
(r252340)
@@ -102,7 +102,7 @@
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation sandbox
+#UsePrivilegeSeparation yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
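Review bot: the commented default `#UsePrivilegeSeparation yes` matches the new assignment in servconf.c, but the sample file now gives an administrator no hint that `sandbox`, the value on the removed line, was the previous default and is the setting to choose for the sandboxed mode. A one-line comment next to the option naming that alternative would make the weaker default visible to anyone hardening the file by hand.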

Modified: stable/8/crypto/openssh/sshd_config.5
==============================================================================
--- stable/8/crypto/openssh/sshd_config.5       Fri Jun 28 09:55:00 2013        
(r252339)
+++ stable/8/crypto/openssh/sshd_config.5       Fri Jun 28 10:21:49 2013        
(r252340)
@@ -1095,7 +1095,7 @@ the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq sandbox .
+.Dq yes .
 If
 .Cm UsePrivilegeSeparation
 is set to
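Review bot: at `.Dq yes .` the manual changes the stated default but the visible paragraph still describes the goal only as "containing any corruption within the unprivileged processes", with nothing telling the reader that the default mode is the one servconf.c calls `PRIVSEP_NOSANDBOX`. Unless the sentence that continues after "is set to" already covers it, suggest adding a sentence here stating that the default does not sandbox the unprivileged process and that `sandbox` must be set explicitly to get that. The log message also gives no reason for the revert; a short rationale there would help anyone auditing why the default was relaxed.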