author | djm@openbsd.org <djm@openbsd.org> | 2017-03-14 07:19:07 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-03-15 11:09:18 +1100 |
commit | 66705948c0639a7061a0d0753266da7685badfec (patch) | |
tree | 147e7ac3dd0730796fcc39c345d8ff7bbf9a13e2 /servconf.c | |
parent | f86586b03fe6cd8f595289bde200a94bc2c191af (diff) |
upstream commit
Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@
(note: this doesn't remove the !privsep code paths, though that will
happen eventually).
Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 12 |
1 files changed, 2 insertions, 10 deletions
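--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.305 2017/03/10 04:11:00 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -535,7 +535,7 @@ static struct {
 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
-{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+{ "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
 { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -1374,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->disable_forwarding;
 goto parse_flag;
 
-case sUsePrivilegeSeparation:
-intptr = &use_privsep;
-multistate_ptr = multistate_privsep;
-goto parse_multistate;
-
 case sAllowUsers:
 while ((arg = strdelim(&cp)) && *arg != '\0') {
 if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -2107,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val)
 return fmt_multistate_int(val, multistate_gatewayports);
 case sCompression:
 return fmt_multistate_int(val, multistate_compression);
-case sUsePrivilegeSeparation:
-return fmt_multistate_int(val, multistate_privsep);
 case sAllowTcpForwarding:
 return fmt_multistate_int(val, multistate_tcpfwd);
 case sAllowStreamLocalForwarding:
@@ -2284,7 +2277,6 @@ dump_config(ServerOptions *o)
 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
-dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 
 /* string arguments */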
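Review bot: With the `sUsePrivilegeSeparation` cases removed from process_server_config_line() and fmt_intarg(), the `multistate_privsep` table and the `sUsePrivilegeSeparation` opcode appear to be left defined but unreferenced in this file, since all ten deletions in the diffstat are accounted for by the lines shown; removing both in the same change would keep a later edit from re-wiring the option by accident. The `useprivilegeseparation` keyword-table entry would also benefit from a trailing comment such as `/* value ignored: privsep can no longer be disabled from sshd_config */`, because an existing `UsePrivilegeSeparation no` is now routed to `sDeprecated`, whose handling lies outside these hunks, and `use_privsep` keeps whatever default is assigned elsewhere. dump_config() no longer prints the setting, so configuration audits that look for `useprivilegeseparation` in the dumped output will find no line and should treat its absence as expected. All three functions begin and end outside the hunks shown.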