summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2014-02-01 00:07:16 +0000
committerdes <des@FreeBSD.org>2014-02-01 00:07:16 +0000
commitb1dd5bd906d2acc156631422593d9f178f81984d (patch)
treeb4fec08ade41282201c4d24a27bbb45df0594c13 /crypto
parent5a3523f34ea93eb40e56719040ddf23c30ebd59a (diff)
downloadFreeBSD-src-b1dd5bd906d2acc156631422593d9f178f81984d.zip
FreeBSD-src-b1dd5bd906d2acc156631422593d9f178f81984d.tar.gz
Turn sandboxing on by default.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/servconf.c2
-rw-r--r--crypto/openssh/sshd_config2
-rw-r--r--crypto/openssh/sshd_config.52
3 files changed, 3 insertions, 3 deletions
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 97efa4e..3748d80 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -314,7 +314,7 @@ fill_default_server_options(ServerOptions *options)
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
/* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = PRIVSEP_NOSANDBOX;
+ use_privsep = PRIVSEP_ON;
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index bd71749..513764e 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -110,7 +110,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation yes
+#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index e0f5924..e33b39a 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -1227,7 +1227,7 @@ the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq yes .
+.Dq sandbox .
If
.Cm UsePrivilegeSeparation
is set to
OpenPOWER on IntegriCloud