Date: Mon, 3 Mar 2014 22:47:43 +0100 From: Dimitry Andric <dimitry@andric.com> To: John Baldwin <jhb@freebsd.org> Cc: src-committers@freebsd.org, Pawel Jakub Dawidek <pjd@FreeBSD.org>, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, svn-src-stable-10@freebsd.org, =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@FreeBSD.org> Subject: Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp... Message-ID: <B69240EB-11C1-47F9-9D58-B42A40DDB094@andric.com> In-Reply-To: <201403031536.33679.jhb@freebsd.org> References: <201402271729.s1RHT2rx075258@svn.freebsd.org> <201403031536.33679.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 03 Mar 2014, at 21:36, John Baldwin <jhb@freebsd.org> wrote: > On Thursday, February 27, 2014 12:29:02 pm Dag-Erling SmXXrgrav wrote: >> Author: des >> Date: Thu Feb 27 17:29:02 2014 >> New Revision: 262566 >> URL: http://svnweb.freebsd.org/changeset/base/262566 >> >> Log: >> MFH (r261320): upgrade openssh to 6.5p1 >> MFH (r261340): enable sandboxing by default > > Mails on stable@ suggest that this latter change may be a bit of a POLA > violation as if people are using a custom kernel configuration that doesn't > include CAPSICUM they are now locked out of their boxes as sshd fails. It > seems that this is at least worth a note in UPDATING if not adding a > workaround to handle the case of a kernel without CAPSICUM. Wouldn't it be enough to merge r261499 ("Fix installations that use kernels without CAPABILITIES support") by pjd? -Dimitry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlMU+IgACgkQsF6jCi4glqPVrgCg6T1itIrxyezif62QRLrtKAp6 LY0AoLn8fqsxtojcxU0iG+xaX+Dypdk2 =9VPL -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B69240EB-11C1-47F9-9D58-B42A40DDB094>