authorTheo de Raadt <deraadt@cvs.openbsd.org>2002-05-04 02:39:36 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2002-05-04 02:39:36 +0000
commit0c096a25d48865d661cd4ebfd3391a77007093db (patch)
treefbf5b951c904714fd25520098a3dbca29405aee2
parent624c2ae30f58573df740e7ef6fb993e1c9edfeb2 (diff)
enable privsep by default; provos ok
-rw-r--r--usr.bin/ssh/servconf.c6
-rw-r--r--usr.bin/ssh/sshd.84
-rw-r--r--usr.bin/ssh/sshd_config4
3 files changed, 7 insertions, 7 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 730da2e91fd..25cf4697d6f 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.108 2002/05/04 02:39:35 deraadt Exp $");
#if defined(KRB4) || defined(KRB5)
#include <krb.h>
@@ -231,9 +231,9 @@ fill_default_server_options(ServerOptions *options)
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- /* Turn privilege separation _off_ by default */
+ /* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = 0;
+ use_privsep = 1;
}
/* Keyword tokens. */
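Review bot: The comment above `if (use_privsep == -1)` states the new default but not what `-1` means or why the default is on; something like `/* -1: UsePrivilegeSeparation not set in the config; default to on so corruption stays contained in the unprivileged process */` would make the sentinel and the security intent explicit. The default is also assigned to a bare `use_privsep` (apparently a global) rather than a field of `options` like the `authorized_keys_file` line just above, so the function seems to have an effect outside its argument that its header comment should mention. Because every configuration without an explicit setting now takes the privilege-separated path, it is worth confirming (not visible in this hunk) that sshd refuses to start with a clear error when the unprivileged environment cannot be set up, rather than continuing without separation. fill_default_server_options begins before the hunk.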
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index cc2db8a3b02..95f5f610863 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.179 2002/05/04 02:39:35 deraadt Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -844,7 +844,7 @@ another process will be created that has the privilege of the authenticated
user. The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq no .
+.Dq yes .
.It Cm VerifyReverseMapping
Specifies whether
.Nm
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config
index 07899995a69..3dadb2ab7a1 100644
--- a/usr.bin/ssh/sshd_config
+++ b/usr.bin/ssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $
+# $OpenBSD: sshd_config,v 1.52 2002/05/04 02:39:35 deraadt Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
@@ -74,7 +74,7 @@
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation no
+#UsePrivilegeSeparation yes
#MaxStartups 10
# no default banner path