Re: Call for testing: OpenSSH 7.2

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

On Fri, Feb 12, 2016 at 02:56:30PM +1100, Damien Miller wrote:
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.

According to bdcb7:sshd_config.5, UsePrivilegeSeparation is set to
"sandbox" by default.
But default in servconf.c is PRIVSEP_NOSANDBOX.

I suppose, we should sync servconf.c and sshd_config with documentation:

--- a/servconf.c
+++ b/servconf.c
@@ -362,7 +362,7 @@ fill_default_server_options(ServerOptions *options)
 
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
-		use_privsep = PRIVSEP_NOSANDBOX;
+		use_privsep = PRIVSEP_ON;
 
 #define CLEAR_ON_NONE(v) \
 	do { \
--- a/sshd_config
+++ b/sshd_config
@@ -107,7 +107,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox		# Default for new installations.
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

-- 
glebfm
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux