Date:      Thu, 4 Jul 2002 11:16:39 -0700
From:      Peter Avalos <pavalos@theshell.com>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        stable@freebsd.org
Subject:   Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1
Message-ID:  <20020704181639.GD19623@theshell.com>
In-Reply-To: <xzpd6u42utq.fsf@flood.ping.uio.no>
References:  <xzpd6u42utq.fsf@flood.ping.uio.no>

On Thu, Jul 04, 2002 at 02:36:01AM +0200, Dag-Erling Smorgrav wrote:
>
> Privilege separation is turned off by default, because it breaks
> Kerberos ticket passing.  If you don't use ticket passing, or don't
> know what Kerberos is, it should be safe to turn privilege separation
> on in /etc/ssh/sshd_config (after make world and mergemaster, of
> course.)

Since this is turned off by default in FreeBSD, I think the man page
should be changed as well:

This is against HEAD.

Index: sshd_config.5
===================================================================
RCS file: /cvsroot/fbsd/src/crypto/openssh/sshd_config.5,v
retrieving revision 1.5
diff -u -r1.5 sshd_config.5
--- sshd_config.5	29 Jun 2002 11:48:59 -0000	1.5
+++ sshd_config.5	4 Jul 2002 18:14:27 -0000
@@ -596,7 +596,7 @@
 user.  The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq yes .
+.Dq no .
 .It Cm VerifyReverseMapping
 Specifies whether
 .Nm sshd
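
Review bot: The `.Dq no .` line states the new default without saying why, directly after text that describes privilege separation as a protection against privilege escalation. Consider adding a sentence after it noting that the option is off by default because it breaks Kerberos ticket passing and can be turned on where ticket passing is not used, so readers do not take the default as a recommendation. Since the diff is against HEAD while the quoted announcement concerns FreeBSD-STABLE, also confirm that the default in HEAD matches before committing.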
