diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | servconf.c | 6 | ||||
-rw-r--r-- | sshd.8 | 4 | ||||
-rw-r--r-- | sshd_config | 4 |
4 files changed, 11 insertions, 8 deletions
@@ -32,6 +32,9 @@ | |||
32 | [kex.c monitor.c monitor_wrap.c sshd.c] | 32 | [kex.c monitor.c monitor_wrap.c sshd.c] |
33 | 'monitor' variable clashes with at least one lame platform (NeXT). i | 33 | 'monitor' variable clashes with at least one lame platform (NeXT). i |
34 | Renamed to 'pmonitor'. provos@ | 34 | Renamed to 'pmonitor'. provos@ |
35 | - deraadt@cvs.openbsd.org 2002/05/04 02:39:35 | ||
36 | [servconf.c sshd.8 sshd_config] | ||
37 | enable privsep by default; provos ok | ||
35 | - (bal) Fixed up PAM case. I think. | 38 | - (bal) Fixed up PAM case. I think. |
36 | - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy | 39 | - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy |
37 | 40 | ||
@@ -638,4 +641,4 @@ | |||
638 | - (stevesk) entropy.c: typo in debug message | 641 | - (stevesk) entropy.c: typo in debug message |
639 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 642 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
640 | 643 | ||
641 | $Id: ChangeLog,v 1.2130 2002/05/15 16:39:51 mouring Exp $ | 644 | $Id: ChangeLog,v 1.2131 2002/05/15 21:35:43 mouring Exp $ |
diff --git a/servconf.c b/servconf.c index 4b5b406a7..5b894f744 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.108 2002/05/04 02:39:35 deraadt Exp $"); |
14 | 14 | ||
15 | #if defined(KRB4) | 15 | #if defined(KRB4) |
16 | #include <krb.h> | 16 | #include <krb.h> |
@@ -250,9 +250,9 @@ fill_default_server_options(ServerOptions *options) | |||
250 | if (options->authorized_keys_file == NULL) | 250 | if (options->authorized_keys_file == NULL) |
251 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; | 251 | options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; |
252 | 252 | ||
253 | /* Turn privilege separation _off_ by default */ | 253 | /* Turn privilege separation on by default */ |
254 | if (use_privsep == -1) | 254 | if (use_privsep == -1) |
255 | use_privsep = 0; | 255 | use_privsep = 1; |
256 | } | 256 | } |
257 | 257 | ||
258 | /* Keyword tokens. */ | 258 | /* Keyword tokens. */ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.179 2002/05/04 02:39:35 deraadt Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -852,7 +852,7 @@ another process will be created that has the privilege of the authenticated | |||
852 | user. The goal of privilege separation is to prevent privilege | 852 | user. The goal of privilege separation is to prevent privilege |
853 | escalation by containing any corruption within the unprivileged processes. | 853 | escalation by containing any corruption within the unprivileged processes. |
854 | The default is | 854 | The default is |
855 | .Dq no . | 855 | .Dq yes . |
856 | .It Cm VerifyReverseMapping | 856 | .It Cm VerifyReverseMapping |
857 | Specifies whether | 857 | Specifies whether |
858 | .Nm | 858 | .Nm |
diff --git a/sshd_config b/sshd_config index d55a9e68c..dc940d922 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $ | 1 | # $OpenBSD: sshd_config,v 1.52 2002/05/04 02:39:35 deraadt Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See sshd(8) | 3 | # This is the sshd server system-wide configuration file. See sshd(8) |
4 | # for more information. | 4 | # for more information. |
@@ -80,7 +80,7 @@ | |||
80 | #PrintLastLog yes | 80 | #PrintLastLog yes |
81 | #KeepAlive yes | 81 | #KeepAlive yes |
82 | #UseLogin no | 82 | #UseLogin no |
83 | #UsePrivilegeSeparation no | 83 | #UsePrivilegeSeparation yes |
84 | 84 | ||
85 | #MaxStartups 10 | 85 | #MaxStartups 10 |
86 | # no default banner path | 86 | # no default banner path |