Date: Thu, 4 Jul 2002 11:16:39 -0700
From: Peter Avalos
To: Dag-Erling Smorgrav
Cc: stable@freebsd.org
Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1
Message-ID: <20020704181639.GD19623@theshell.com>

On Thu, Jul 04, 2002 at 02:36:01AM +0200, Dag-Erling Smorgrav wrote:
>
> Privilege separation is turned off by default, because it breaks
> Kerberos ticket passing. If you don't use ticket passing, or don't
> know what Kerberos is, it should be safe to turn privilege separation
> on in /etc/ssh/sshd_config (after make world and mergemaster, of
> course.)

Since this is turned off by default in FreeBSD, I think the man page should be changed as well:

This is against HEAD.

Index: sshd_config.5 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvsroot/fbsd/src/crypto/openssh/sshd_config.5,v retrieving revision 1.5 diff -u -r1.5 sshd_config.5 --- sshd_config.5 29 Jun 2002 11:48:59 -0000 1.5 +++ sshd_config.5 4 Jul 2002 18:14:27 -0000 
@@ -596,7 +596,7 @@ user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is -.Dq yes . +.Dq no . .It Cm VerifyReverseMapping Specifies whether .Nm sshd
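
Review bot: The changed line `.Dq no .` at the end of the privilege separation paragraph gives the new default with no reason, so a reader sees a feature described as preventing privilege escalation and then finds it disabled by default without explanation. Suggest adding a sentence after it saying that it is off by default in FreeBSD because it breaks Kerberos ticket passing, and that it can be turned on in /etc/ssh/sshd_config when ticket passing is not used, as the HEADS UP states. Since the diff is against HEAD revision 1.5 and the thread is about -STABLE, the same wording would also need to be merged there.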