author | des <des@FreeBSD.org> | 2014-02-01 00:07:16 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2014-02-01 00:07:16 +0000 |
commit | b1dd5bd906d2acc156631422593d9f178f81984d (patch) | |
tree | b4fec08ade41282201c4d24a27bbb45df0594c13 /crypto | |
parent | 5a3523f34ea93eb40e56719040ddf23c30ebd59a (diff) | |
Turn sandboxing on by default.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/servconf.c | 2 | ||||
-rw-r--r-- | crypto/openssh/sshd_config | 2 | ||||
-rw-r--r-- | crypto/openssh/sshd_config.5 | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 97efa4e..3748d80 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -314,7 +314,7 @@ fill_default_server_options(ServerOptions *options)
 options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
- use_privsep = PRIVSEP_NOSANDBOX;
+ use_privsep = PRIVSEP_ON;
 #ifndef HAVE_MMAP
 if (use_privsep && options->compression == 1) {
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index bd71749..513764e 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -110,7 +110,7 @@
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation yes
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index e0f5924..e33b39a 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -1227,7 +1227,7 @@ the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq yes .
+.Dq sandbox .
 If
 .Cm UsePrivilegeSeparation
 is set to |
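Review bot: The comment above the changed assignment in the servconf.c hunk still reads "Turn privilege separation on by default", but the new value also changes the sandboxing default, and `PRIVSEP_ON` does not say "sandbox" by name; I would update it to `/* Turn privilege separation with sandboxing on by default */`. Judging from the sshd_config and sshd_config.5 hunks in this commit, `PRIVSEP_ON` is presumably the value the `sandbox` keyword maps to; the enum definition is not shown here and should confirm that. The new default applies only when `use_privsep == -1`, so a host whose configuration sets `UsePrivilegeSeparation yes` explicitly would presumably keep running without the sandbox, which is worth stating in the release notes. fill_default_server_options starts and ends outside the hunk.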