upstream commit make sandboxed privilege separation the default, not just for new installs; "absolutely" deraadt@ Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b

commit: c5c3f3279a0e4044b8de71b70d3570d692d0f29d [log] [tgz]
author: djm@openbsd.org <djm@openbsd.org> Wed Feb 17 05:29:04 2016 +0000
committer: Damien Miller <djm@mindrot.org> Wed Feb 17 16:37:56 2016 +1100
tree: 72b85707e4fd5bd40a9184a88d09e8eed5e29897
parent: eb3f7337a651aa01d5dec019025e6cdc124ed081 [diff] [blame]
diff --git a/servconf.c b/servconf.c
index 7bee5a1..c0b6f6e 100644
--- a/servconf.c
+++ b/servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.284 2016/01/29 02:54:45 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.285 2016/02/17 05:29:04 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -356,9 +356,9 @@
 
 	assemble_algorithms(options);
 
-	/* Turn privilege separation on by default */
+	/* Turn privilege separation and sandboxing on by default */
 	if (use_privsep == -1)
-		use_privsep = PRIVSEP_NOSANDBOX;
+		use_privsep = PRIVSEP_ON;
 
 #define CLEAR_ON_NONE(v) \
 	do { \
commit	c5c3f3279a0e4044b8de71b70d3570d692d0f29d	[log] [tgz]
author	djm@openbsd.org <djm@openbsd.org>	Wed Feb 17 05:29:04 2016 +0000
committer	Damien Miller <djm@mindrot.org>	Wed Feb 17 16:37:56 2016 +1100
tree	72b85707e4fd5bd40a9184a88d09e8eed5e29897
parent	eb3f7337a651aa01d5dec019025e6cdc124ed081 [diff] [blame]