2 files changed, 5 insertions, 5 deletions
diff --git a/servconf.c b/servconf.c
index 7bee5a17a..c0b6f6e65 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.284 2016/01/29 02:54:45 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.285 2016/02/17 05:29:04 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -356,9 +356,9 @@ fill_default_server_options(ServerOptions *options)
        assemble_algorithms(options);
-        /* Turn privilege separation on by default */
+        /* Turn privilege separation and sandboxing on by default */
        if (use_privsep == -1)
-                use_privsep = PRIVSEP_NOSANDBOX;
+                use_privsep = PRIVSEP_ON;
 #define CLEAR_ON_NONE(v) \
        do { \
diff --git a/sshd_config b/sshd_config
index 4d77f05aa..a848d73e4 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
+#       $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -107,7 +107,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox          # Default for new installations.
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

diff --git a/servconf.c b/servconf.c index 7bee5a17a..c0b6f6e65 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,5 +1,5 @@
1		1
2	/* $OpenBSD: servconf.c,v 1.284 2016/01/29 02:54:45 dtucker Exp $ */	2	/* $OpenBSD: servconf.c,v 1.285 2016/02/17 05:29:04 djm Exp $ */
3	/*	3	/*
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved	5	* All rights reserved
@@ -356,9 +356,9 @@ fill_default_server_options(ServerOptions *options)
356		356
357	assemble_algorithms(options);	357	assemble_algorithms(options);
358		358
359	/* Turn privilege separation on by default */	359	/* Turn privilege separation and sandboxing on by default */
360	if (use_privsep == -1)	360	if (use_privsep == -1)
361	use_privsep = PRIVSEP_NOSANDBOX;	361	use_privsep = PRIVSEP_ON;
362		362
363	#define CLEAR_ON_NONE(v) \	363	#define CLEAR_ON_NONE(v) \
364	do { \	364	do { \


diff --git a/sshd_config b/sshd_config index 4d77f05aa..a848d73e4 100644 --- a/sshd_config +++ b/sshd_config
@@ -1,4 +1,4 @@
1	# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $	1	# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
2		2
3	# This is the sshd server system-wide configuration file. See	3	# This is the sshd server system-wide configuration file. See
4	# sshd_config(5) for more information.	4	# sshd_config(5) for more information.
@@ -107,7 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys
107	#PrintLastLog yes	107	#PrintLastLog yes
108	#TCPKeepAlive yes	108	#TCPKeepAlive yes
109	#UseLogin no	109	#UseLogin no
110	UsePrivilegeSeparation sandbox # Default for new installations.	110	#UsePrivilegeSeparation sandbox
111	#PermitUserEnvironment no	111	#PermitUserEnvironment no
112	#Compression delayed	112	#Compression delayed
113	#ClientAliveInterval 0	113	#ClientAliveInterval 0