diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 21:47:11 +0200 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 21:47:11 +0200 |
| commit | fb62a6948834281fd5628e5566f17c1767a17763 (patch) | |
| tree | 78be4ed1e64fcc0df2cd2e65e3ad19bd05e2efba | |
| parent | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed (diff) | |
| download | openssh-fb62a6948834281fd5628e5566f17c1767a17763.tar.xz openssh-fb62a6948834281fd5628e5566f17c1767a17763.zip | |
- markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | servconf.c | 6 | ||||
| -rw-r--r-- | sshd.8 | 4 | ||||
| -rw-r--r-- | sshd_config | 4 |
4 files changed, 14 insertions, 8 deletions
@@ -1,3 +1,9 @@ +20020606 + - (bal) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/05/15 21:56:38 + [servconf.c sshd.8 sshd_config] + re-enable privsep and disable setuid for post-3.2.2 + 20020604 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed setsockopt from debug to error for now). @@ -681,4 +687,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2143 2002/06/04 20:52:19 stevesk Exp $ +$Id: ChangeLog,v 1.2144 2002/06/06 19:47:11 mouring Exp $ diff --git a/servconf.c b/servconf.c index 5f8e74e33..7a776ac8e 100644 --- a/servconf.c +++ b/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.109 2002/05/15 21:02:52 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.110 2002/05/15 21:56:38 markus Exp $"); #if defined(KRB4) #include <krb.h> @@ -250,9 +250,9 @@ fill_default_server_options(ServerOptions *options) if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; - /* Turn privilege separation _off_ by default */ + /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = 0; + use_privsep = 1; } /* Keyword tokens. */ @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.181 2002/05/15 21:02:53 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.182 2002/05/15 21:56:38 markus Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -852,7 +852,7 @@ another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is -.Dq no . +.Dq yes . .It Cm VerifyReverseMapping Specifies whether .Nm diff --git a/sshd_config b/sshd_config index e96f7a1d3..b870cb434 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $ +# $OpenBSD: sshd_config,v 1.54 2002/05/15 21:56:38 markus Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. @@ -80,7 +80,7 @@ #PrintLastLog yes #KeepAlive yes #UseLogin no -#UsePrivilegeSeparation no +#UsePrivilegeSeparation yes #MaxStartups 10 # no default banner path |