author | Damien Miller <djm@cvs.openbsd.org> | 2012-07-10 02:19:16 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2012-07-10 02:19:16 +0000 |
commit | 788b31d9696259e771e3ce9871c738955b91ab47 (patch) | |
tree | 632b36d27d1abf3d02ad4f384e0ecd02cd23a7c6 /usr.bin | |
parent | f958233df3739f14d91315733b66111fa3f65734 (diff) |
Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
prodded markus@ feedback dtucker@ "get it in" deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/servconf.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config | 4 |
4 files changed, 11 insertions, 10 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 17942069769..79c3cbb3df1 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.227 2012/06/19 18:25:27 markus Exp $ */ +/* $OpenBSD: servconf.c,v 1.228 2012/07/10 02:19:15 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -271,7 +271,7 @@ fill_default_server_options(ServerOptions *options) options->version_addendum = xstrdup(""); /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = PRIVSEP_ON; + use_privsep = PRIVSEP_NOSANDBOX; } /* Keyword tokens. */ @@ -731,8 +731,9 @@ static const struct multistate multistate_gatewayports[] = { { NULL, -1 } }; static const struct multistate multistate_privsep[] = { - { "sandbox", PRIVSEP_SANDBOX }, - { "yes", PRIVSEP_ON }, + { "yes", PRIVSEP_NOSANDBOX }, + { "sandbox", PRIVSEP_ON }, + { "nosandbox", PRIVSEP_NOSANDBOX }, { "no", PRIVSEP_OFF }, { NULL, -1 } }; diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index baea5f4577e..7e8f0ecc413 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.102 2012/06/19 18:25:28 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.103 2012/07/10 02:19:15 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -39,7 +39,7 @@ /* use_privsep */ #define PRIVSEP_OFF 0 #define PRIVSEP_ON 1 -#define PRIVSEP_SANDBOX 2 +#define PRIVSEP_NOSANDBOX 2 #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 383920d71a9..51ccb82710c 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c 
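Review bot: The comment `/* Turn privilege separation on by default */` in fill_default_server_options() no longer says enough, because the fallback it guards is now `PRIVSEP_NOSANDBOX`: a server whose configuration has no UsePrivilegeSeparation line gets privilege separation without the pre-auth sandbox. Only the sshd_config hunk later in this commit turns the sandbox on, so hosts that keep an existing configuration presumably stay unsandboxed after upgrading. I would reword the comment to `/* Default: privsep without the pre-auth sandbox; the shipped sshd_config opts new installs into "sandbox" */`. The function body starts outside the hunk.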
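Review bot: In multistate_privsep, `"yes"` and the new `"nosandbox"` both map to `PRIVSEP_NOSANDBOX`, and nothing in the table says that `"yes"` is the alias meant to move when the default is flipped. A comment above the rows, e.g. `/* "yes" follows the compiled default; "nosandbox" is the explicit opt-out */`, would keep a later edit from repointing the wrong entry. Once `"yes"` is repointed, every existing configuration that says `yes` changes behaviour silently, which is worth stating in the same comment. No sshd_config(5) change appears in the diffstat, so the `nosandbox` keyword looks undocumented in this commit; that should be confirmed against the manual page.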
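Review bot: `PRIVSEP_ON` keeps the value 1 but changes meaning in this servconf.h hunk: it used to select privilege separation without the sandbox and now selects it with the sandbox, while the unsandboxed mode moves to the new `PRIVSEP_NOSANDBOX` (2). The only comparison updated in this diff is the one in privsep_preauth() in sshd.c, so any other `use_privsep == PRIVSEP_ON` test elsewhere in the tree would now match a different mode; that cannot be checked from this page. Trailing comments on the defines would make the new meaning explicit, e.g. `#define PRIVSEP_ON 1 /* privsep with pre-auth sandbox */` and `#define PRIVSEP_NOSANDBOX 2 /* privsep, sandbox disabled */`.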
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.392 2012/06/30 14:35:09 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -622,7 +622,7 @@ privsep_preauth(Authctxt *authctxt) /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; - if (use_privsep == PRIVSEP_SANDBOX) + if (use_privsep == PRIVSEP_ON) box = ssh_sandbox_init(); pid = fork(); if (pid == -1) { diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 74f0b13756d..1c600a89112 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $ +# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -86,7 +86,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 |
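Review bot: With `if (use_privsep == PRIVSEP_ON)` as the only gate in privsep_preauth(), the `PRIVSEP_NOSANDBOX` path skips ssh_sandbox_init() and nothing visible in the hunk records that choice, although it is now the path taken by the compiled default. An operator verifying that the pre-auth sandbox is really active has no log line to look for; an `else` branch such as `else debug3("%s: pre-auth sandbox disabled", __func__);` would make the state visible. The declaration of `box` and the rest of the function are outside the hunk, so whether the sandbox code logs on its own could not be checked here.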