diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-05-15 21:35:43 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-05-15 21:35:43 +0000 |
commit | bb2ce36d4d706800a6b672f07cd7989497663160 (patch) | |
tree | 17969ee5dcd0b0fe98fadf8ab35bfda09d0a65e7 | |
parent | 2b70e5603f708d2acdfa2b81b7a021fc1551e08a (diff) |
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | servconf.c | 6 | ||||
-rw-r--r-- | sshd.8 | 4 | ||||
-rw-r--r-- | sshd_config | 4 |
4 files changed, 11 insertions, 8 deletions
@@ -32,6 +32,9 @@ [kex.c monitor.c monitor_wrap.c sshd.c] 'monitor' variable clashes with at least one lame platform (NeXT). i Renamed to 'pmonitor'. provos@ + - deraadt@cvs.openbsd.org 2002/05/04 02:39:35 + [servconf.c sshd.8 sshd_config] + enable privsep by default; provos ok - (bal) Fixed up PAM case. I think. - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy @@ -638,4 +641,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2130 2002/05/15 16:39:51 mouring Exp $ +$Id: ChangeLog,v 1.2131 2002/05/15 21:35:43 mouring Exp $ @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.108 2002/05/04 02:39:35 deraadt Exp $"); #if defined(KRB4) #include <krb.h> @@ -250,9 +250,9 @@ fill_default_server_options(ServerOptions *options) if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; - /* Turn privilege separation _off_ by default */ + /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = 0; + use_privsep = 1; } /* Keyword tokens. */ @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.179 2002/05/04 02:39:35 deraadt Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -852,7 +852,7 @@ another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is -.Dq no . +.Dq yes . .It Cm VerifyReverseMapping Specifies whether .Nm diff --git a/sshd_config b/sshd_config index d55a9e68..dc940d92 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $ +# $OpenBSD: sshd_config,v 1.52 2002/05/04 02:39:35 deraadt Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. @@ -80,7 +80,7 @@ #PrintLastLog yes #KeepAlive yes #UseLogin no -#UsePrivilegeSeparation no +#UsePrivilegeSeparation yes #MaxStartups 10 # no default banner path |