mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-10-19 02:29:40 +00:00
Code Issues Releases Activity

Turn sandboxing on by default.

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2014-02-01 00:07:16 +00:00
parent 3f84e63ede
commit 2b1970f362
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=261340
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/openssh/servconf.c
View File

@ -314,7 +314,7 @@ fill_default_server_options(ServerOptions *options)
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
/* Turn privilege separation on by default */ /* Turn privilege separation on by default */
if (use_privsep == -1) if (use_privsep == -1)
use_privsep = PRIVSEP_NOSANDBOX; use_privsep = PRIVSEP_ON;
#ifndef HAVE_MMAP #ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) { if (use_privsep && options->compression == 1) {

2
crypto/openssh/sshd_config
View File

@ -110,7 +110,7 @@
#PrintLastLog yes #PrintLastLog yes
#TCPKeepAlive yes #TCPKeepAlive yes
#UseLogin no #UseLogin no
#UsePrivilegeSeparation yes #UsePrivilegeSeparation sandbox
#PermitUserEnvironment no #PermitUserEnvironment no
#Compression delayed #Compression delayed
#ClientAliveInterval 0 #ClientAliveInterval 0

2
crypto/openssh/sshd_config.5
View File

@ -1227,7 +1227,7 @@ the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes. escalation by containing any corruption within the unprivileged processes.
The default is The default is
.Dq yes . .Dq sandbox .
If If
.Cm UsePrivilegeSeparation .Cm UsePrivilegeSeparation
is set to is set to