diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 19:47:11 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-06 19:47:11 +0000 |
commit | fb62a6948834281fd5628e5566f17c1767a17763 (patch) | |
tree | 78be4ed1e64fcc0df2cd2e65e3ad19bd05e2efba | |
parent | df75dd21f53829f97eff225c87a71e43c8ec4064 (diff) |
- markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | servconf.c | 6 | ||||
-rw-r--r-- | sshd.8 | 4 | ||||
-rw-r--r-- | sshd_config | 4 |
4 files changed, 14 insertions, 8 deletions
@@ -1,3 +1,9 @@ | |||
1 | 20020606 | ||
2 | - (bal) OpenBSD CVS Sync | ||
3 | - markus@cvs.openbsd.org 2002/05/15 21:56:38 | ||
4 | [servconf.c sshd.8 sshd_config] | ||
5 | re-enable privsep and disable setuid for post-3.2.2 | ||
6 | |||
1 | 20020604 | 7 | 20020604 |
2 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed | 8 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed |
3 | setsockopt from debug to error for now). | 9 | setsockopt from debug to error for now). |
@@ -681,4 +687,4 @@ | |||
681 | - (stevesk) entropy.c: typo in debug message | 687 | - (stevesk) entropy.c: typo in debug message |
682 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 688 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
683 | 689 | ||
684 | $Id: ChangeLog,v 1.2143 2002/06/04 20:52:19 stevesk Exp $ | 690 | $Id: ChangeLog,v 1.2144 2002/06/06 19:47:11 mouring Exp $ |
diff --git a/servconf.c b/servconf.c index 5f8e74e33..7a776ac8e 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.109 2002/05/15 21:02:52 markus Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.110 2002/05/15 21:56:38 markus Exp $"); |
14 | 14 | ||
15 | #if defined(KRB4) | 15 | #if defined(KRB4) |
16 | #include <krb.h> | 16 | #include <krb.h> |
@@ -250,9 +250,9 @@ fill_default_server_options(ServerOptions *options) | |||
250 | if (options->authorized_keys_file == NULL) | 250 | if (options->authorized_keys_file == NULL) |
251 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; | 251 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
252 | 252 | ||
253 | /* Turn privilege separation _off_ by default */ | 253 | /* Turn privilege separation on by default */ |
254 | if (use_privsep == -1) | 254 | if (use_privsep == -1) |
255 | use_privsep = 0; | 255 | use_privsep = 1; |
256 | } | 256 | } |
257 | 257 | ||
258 | /* Keyword tokens. */ | 258 | /* Keyword tokens. */ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.181 2002/05/15 21:02:53 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.182 2002/05/15 21:56:38 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -852,7 +852,7 @@ another process will be created that has the privilege of the authenticated | |||
852 | user. The goal of privilege separation is to prevent privilege | 852 | user. The goal of privilege separation is to prevent privilege |
853 | escalation by containing any corruption within the unprivileged processes. | 853 | escalation by containing any corruption within the unprivileged processes. |
854 | The default is | 854 | The default is |
855 | .Dq no . | 855 | .Dq yes . |
856 | .It Cm VerifyReverseMapping | 856 | .It Cm VerifyReverseMapping |
857 | Specifies whether | 857 | Specifies whether |
858 | .Nm | 858 | .Nm |
diff --git a/sshd_config b/sshd_config index e96f7a1d3..b870cb434 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $ | 1 | # $OpenBSD: sshd_config,v 1.54 2002/05/15 21:56:38 markus Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See sshd(8) | 3 | # This is the sshd server system-wide configuration file. See sshd(8) |
4 | # for more information. | 4 | # for more information. |
@@ -80,7 +80,7 @@ | |||
80 | #PrintLastLog yes | 80 | #PrintLastLog yes |
81 | #KeepAlive yes | 81 | #KeepAlive yes |
82 | #UseLogin no | 82 | #UseLogin no |
83 | #UsePrivilegeSeparation no | 83 | #UsePrivilegeSeparation yes |
84 | 84 | ||
85 | #MaxStartups 10 | 85 | #MaxStartups 10 |
86 | # no default banner path | 86 | # no default banner path |