mirror of
https://git.FreeBSD.org/src.git
synced 2024-10-19 02:29:40 +00:00
Turn sandboxing on by default.
This commit is contained in:
parent
3f84e63ede
commit
2b1970f362
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=261340
@ -314,7 +314,7 @@ fill_default_server_options(ServerOptions *options)
|
|||||||
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
|
options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
|
||||||
/* Turn privilege separation on by default */
|
/* Turn privilege separation on by default */
|
||||||
if (use_privsep == -1)
|
if (use_privsep == -1)
|
||||||
use_privsep = PRIVSEP_NOSANDBOX;
|
use_privsep = PRIVSEP_ON;
|
||||||
|
|
||||||
#ifndef HAVE_MMAP
|
#ifndef HAVE_MMAP
|
||||||
if (use_privsep && options->compression == 1) {
|
if (use_privsep && options->compression == 1) {
|
||||||
|
@ -110,7 +110,7 @@
|
|||||||
#PrintLastLog yes
|
#PrintLastLog yes
|
||||||
#TCPKeepAlive yes
|
#TCPKeepAlive yes
|
||||||
#UseLogin no
|
#UseLogin no
|
||||||
#UsePrivilegeSeparation yes
|
#UsePrivilegeSeparation sandbox
|
||||||
#PermitUserEnvironment no
|
#PermitUserEnvironment no
|
||||||
#Compression delayed
|
#Compression delayed
|
||||||
#ClientAliveInterval 0
|
#ClientAliveInterval 0
|
||||||
|
@ -1227,7 +1227,7 @@ the privilege of the authenticated user.
|
|||||||
The goal of privilege separation is to prevent privilege
|
The goal of privilege separation is to prevent privilege
|
||||||
escalation by containing any corruption within the unprivileged processes.
|
escalation by containing any corruption within the unprivileged processes.
|
||||||
The default is
|
The default is
|
||||||
.Dq yes .
|
.Dq sandbox .
|
||||||
If
|
If
|
||||||
.Cm UsePrivilegeSeparation
|
.Cm UsePrivilegeSeparation
|
||||||
is set to
|
is set to
|
||||||
|
Loading…
Reference in New Issue
Block a user