Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / fb62a6948834281fd5628e5566f17c1767a17763^! / .
commitfb62a6948834281fd5628e5566f17c1767a17763[log] [tgz]
authorBen Lindstrom <mouring@eviladmin.org>Thu Jun 06 19:47:11 2002 +0000
committerBen Lindstrom <mouring@eviladmin.org>Thu Jun 06 19:47:11 2002 +0000
tree78be4ed1e64fcc0df2cd2e65e3ad19bd05e2efba
parentdf75dd21f53829f97eff225c87a71e43c8ec4064 [diff]
   - markus@cvs.openbsd.org 2002/05/15 21:56:38
     [servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2

diff --git a/ChangeLog b/ChangeLog
index 7565ddd..3631205 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,3 +1,9 @@
+20020606
+ - (bal) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2002/05/15 21:56:38
+     [servconf.c sshd.8 sshd_config]
+     re-enable privsep and disable setuid for post-3.2.2
+
 20020604
  - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
    setsockopt from debug to error for now).
@@ -681,4 +687,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2143 2002/06/04 20:52:19 stevesk Exp $
+$Id: ChangeLog,v 1.2144 2002/06/06 19:47:11 mouring Exp $

diff --git a/servconf.c b/servconf.c
index 5f8e74e..7a776ac 100644
--- a/servconf.c
+++ b/servconf.c

@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.109 2002/05/15 21:02:52 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.110 2002/05/15 21:56:38 markus Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -250,9 +250,9 @@
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
 
-	/* Turn privilege separation _off_ by default */
+	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
-		use_privsep = 0;
+		use_privsep = 1;
 }
 
 /* Keyword tokens. */

diff --git a/sshd.8 b/sshd.8
index 138bf65..114abd8 100644
--- a/sshd.8
+++ b/sshd.8

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.181 2002/05/15 21:02:53 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.182 2002/05/15 21:56:38 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -852,7 +852,7 @@
 user.  The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq no .
+.Dq yes .
 .It Cm VerifyReverseMapping
 Specifies whether
 .Nm

diff --git a/sshd_config b/sshd_config
index e96f7a1..b870cb4 100644
--- a/sshd_config
+++ b/sshd_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $
+#	$OpenBSD: sshd_config,v 1.54 2002/05/15 21:56:38 markus Exp $
 
 # This is the sshd server system-wide configuration file.  See sshd(8)
 # for more information.
@@ -80,7 +80,7 @@
 #PrintLastLog yes
 #KeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation no
+#UsePrivilegeSeparation yes
 
 #MaxStartups 10
 # no default banner path