- markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
diff --git a/ChangeLog b/ChangeLog
index 96f459c..2adca2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,9 @@
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
+ - markus@cvs.openbsd.org 2002/05/15 21:02:53
+ [servconf.c sshd.8 sshd_config]
+ disable privsep and enable setuid for the 3.2.2 release
- (bal) Fixed up PAM case. I think.
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
@@ -645,4 +648,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2132 2002/05/15 21:36:45 mouring Exp $
+$Id: ChangeLog,v 1.2133 2002/05/15 21:37:34 mouring Exp $
diff --git a/servconf.c b/servconf.c
index 5b894f7..5f8e74e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.108 2002/05/04 02:39:35 deraadt Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.109 2002/05/15 21:02:52 markus Exp $");
#if defined(KRB4)
#include <krb.h>
@@ -250,9 +250,9 @@
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- /* Turn privilege separation on by default */
+ /* Turn privilege separation _off_ by default */
if (use_privsep == -1)
- use_privsep = 1;
+ use_privsep = 0;
}
/* Keyword tokens. */
diff --git a/sshd.8 b/sshd.8
index 109f16f..138bf65 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.180 2002/05/06 23:34:33 millert Exp $
+.\" $OpenBSD: sshd.8,v 1.181 2002/05/15 21:02:53 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -852,7 +852,7 @@
user. The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq yes .
+.Dq no .
.It Cm VerifyReverseMapping
Specifies whether
.Nm
diff --git a/sshd_config b/sshd_config
index dc940d9..e96f7a1 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.52 2002/05/04 02:39:35 deraadt Exp $
+# $OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
@@ -80,7 +80,7 @@
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation yes
+#UsePrivilegeSeparation no
#MaxStartups 10
# no default banner path