diff options
author | Igor Sobrado <sobrado@cvs.openbsd.org> | 2015-10-07 14:45:31 +0000 |
---|---|---|
committer | Igor Sobrado <sobrado@cvs.openbsd.org> | 2015-10-07 14:45:31 +0000 |
commit | 49cf86b727e5f18716a5d9eddb740303ff7e1bba (patch) | |
tree | aa3d960a1b2cc6e0a6b5370eb1ef0d55813bf35e /usr.bin | |
parent | e0b477fd3dfebf94400f2e3d039215ca3ed47199 (diff) |
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index a5953d79b8e..399013e4ce1 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $ -.Dd $Mdocdate: September 11 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $ +.Dd $Mdocdate: October 7 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1564,14 +1564,19 @@ After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. -The default is -.Dq yes . +The argument must be +.Dq yes , +.Dq no , +or +.Dq sandbox . If .Cm UsePrivilegeSeparation is set to .Dq sandbox then the pre-authentication unprivileged process is subject to additional restrictions. +The default is +.Dq sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. |