From bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e Mon Sep 17 00:00:00 2001
From: "sobrado@openbsd.org" <sobrado@openbsd.org>
Date: Wed, 7 Oct 2015 14:45:30 +0000
Subject: upstream commit

UsePrivilegeSeparation defaults to sandbox now.

ok djm@

Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
---
 sshd_config.5 | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index cd3b5cfe3..149dc7e14 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $
-.Dd $Mdocdate: September 11 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
+.Dd $Mdocdate: October 7 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1587,14 +1587,19 @@ After successful authentication, another process will be created that has
 the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
+The argument must be
+.Dq yes ,
+.Dq no ,
+or
+.Dq sandbox .
 If
 .Cm UsePrivilegeSeparation
 is set to
 .Dq sandbox
 then the pre-authentication unprivileged process is subject to additional
 restrictions.
+The default is
+.Dq sandbox .
 .It Cm VersionAddendum
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.
-- 
cgit v1.2.3