Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Jun 2013 10:21:49 +0000 (UTC)
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r252340 - stable/8/crypto/openssh
Message-ID:  <201306281021.r5SALn0p011420@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: des
Date: Fri Jun 28 10:21:49 2013
New Revision: 252340
URL: http://svnweb.freebsd.org/changeset/base/252340

Log:
  MFH (r251088, r252338): revert default privsep setting to "yes"

Modified:
  stable/8/crypto/openssh/servconf.c
  stable/8/crypto/openssh/sshd_config
  stable/8/crypto/openssh/sshd_config.5
Directory Properties:
  stable/8/crypto/openssh/   (props changed)

Modified: stable/8/crypto/openssh/servconf.c
==============================================================================
--- stable/8/crypto/openssh/servconf.c	Fri Jun 28 09:55:00 2013	(r252339)
+++ stable/8/crypto/openssh/servconf.c	Fri Jun 28 10:21:49 2013	(r252340)
@@ -294,7 +294,7 @@ fill_default_server_options(ServerOption
 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
-		use_privsep = PRIVSEP_ON;
+		use_privsep = PRIVSEP_NOSANDBOX;
 
 #ifndef HAVE_MMAP
 	if (use_privsep && options->compression == 1) {

Modified: stable/8/crypto/openssh/sshd_config
==============================================================================
--- stable/8/crypto/openssh/sshd_config	Fri Jun 28 09:55:00 2013	(r252339)
+++ stable/8/crypto/openssh/sshd_config	Fri Jun 28 10:21:49 2013	(r252340)
@@ -102,7 +102,7 @@
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation sandbox
+#UsePrivilegeSeparation yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

Modified: stable/8/crypto/openssh/sshd_config.5
==============================================================================
--- stable/8/crypto/openssh/sshd_config.5	Fri Jun 28 09:55:00 2013	(r252339)
+++ stable/8/crypto/openssh/sshd_config.5	Fri Jun 28 10:21:49 2013	(r252340)
@@ -1095,7 +1095,7 @@ the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq sandbox .
+.Dq yes .
 If
 .Cm UsePrivilegeSeparation
 is set to

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306281021.r5SALn0p011420>