upstream commit

Mark the sshd_config UsePrivilegeSeparation option as deprecated, effectively making privsep mandatory in sandboxing mode. ok markus@ deraadt@ (note: this doesn't remove the !privsep code paths, though that will happen eventually). Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
author: djm@openbsd.org <djm@openbsd.org> 2017-03-14 07:19:07 +0000
committer: Damien Miller <djm@mindrot.org> 2017-03-15 11:09:18 +1100
commit: 66705948c0639a7061a0d0753266da7685badfec (patch)
tree: 147e7ac3dd0730796fcc39c345d8ff7bbf9a13e2 /servconf.c
parent: f86586b03fe6cd8f595289bde200a94bc2c191af (diff)
1 files changed, 2 insertions, 10 deletions
diff --git a/servconf.c b/servconf.c
index 725886e8c..56b831652 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.305 2017/03/10 04:11:00 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -535,7 +535,7 @@ static struct {
        { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
        { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
        { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
-        { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+        { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
        { "acceptenv", sAcceptEnv, SSHCFG_ALL },
        { "permittunnel", sPermitTunnel, SSHCFG_ALL },
        { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -1374,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->disable_forwarding;
                goto parse_flag;
-        case sUsePrivilegeSeparation:
-                intptr = &use_privsep;
-                multistate_ptr = multistate_privsep;
-                goto parse_multistate;
        case sAllowUsers:
                while ((arg = strdelim(&cp)) && *arg != '\0') {
                        if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -2107,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val)
                return fmt_multistate_int(val, multistate_gatewayports);
        case sCompression:
                return fmt_multistate_int(val, multistate_compression);
-        case sUsePrivilegeSeparation:
-                return fmt_multistate_int(val, multistate_privsep);
        case sAllowTcpForwarding:
                return fmt_multistate_int(val, multistate_tcpfwd);
        case sAllowStreamLocalForwarding:
@@ -2284,7 +2277,6 @@ dump_config(ServerOptions *o)
        dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
        dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
        dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
-        dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
        dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
        /* string arguments */
author	djm@openbsd.org <djm@openbsd.org>	2017-03-14 07:19:07 +0000
committer	Damien Miller <djm@mindrot.org>	2017-03-15 11:09:18 +1100
commit	66705948c0639a7061a0d0753266da7685badfec (patch)
tree	147e7ac3dd0730796fcc39c345d8ff7bbf9a13e2 /servconf.c
parent	f86586b03fe6cd8f595289bde200a94bc2c191af (diff)