- djm@cvs.openbsd.org 2012/07/10 02:19:15 [servconf.c servconf.h sshd.c sshd_config] Turn on systrace sandboxing of pre-auth sshd by default for new installs by shipping a config that overrides the current UsePrivilegeSeparation=yes default. Make it easier to flip the default in the future by adding too.

commit: 5a5c2b9063fc3d7315424702b01527ccb0d4c0c9 [log] [tgz]
author: Damien Miller <djm@mindrot.org> Tue Jul 31 12:21:34 2012 +1000
committer: Damien Miller <djm@mindrot.org> Tue Jul 31 12:21:34 2012 +1000
tree: 6bee6b7c37627e0c40544783400285c51d656348
parent: 709a1e90d9cfb7a0e8cdf57fa967d163c010a6bb [diff] [blame]
diff --git a/sshd_config b/sshd_config
index ec3ca2a..9424ee2 100644
--- a/sshd_config
+++ b/sshd_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $
+#	$OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -99,7 +99,7 @@
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox		# Default for new installations.
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
commit	5a5c2b9063fc3d7315424702b01527ccb0d4c0c9	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Tue Jul 31 12:21:34 2012 +1000
committer	Damien Miller <djm@mindrot.org>	Tue Jul 31 12:21:34 2012 +1000
tree	6bee6b7c37627e0c40544783400285c51d656348
parent	709a1e90d9cfb7a0e8cdf57fa967d163c010a6bb [diff] [blame]