Date: Wed, 29 May 2013 00:19:59 +0000 (UTC) From: Dag-Erling Smørgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r251088 - head/crypto/openssh Message-ID: <201305290019.r4T0JxLE011755@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Wed May 29 00:19:58 2013 New Revision: 251088 URL: http://svnweb.freebsd.org/changeset/base/251088 Log: Revert a local change that sets the default for UsePrivilegeSeparation to "sandbox" instead of "yes". In sandbox mode, the privsep child is unable to load additional libraries and will therefore crash when trying to take advantage of crypto offloading on CPUs that support it. Modified: head/crypto/openssh/servconf.c Modified: head/crypto/openssh/servconf.c ============================================================================== --- head/crypto/openssh/servconf.c Wed May 29 00:18:12 2013 (r251087) +++ head/crypto/openssh/servconf.c Wed May 29 00:19:58 2013 (r251088) @@ -298,7 +298,7 @@ fill_default_server_options(ServerOption options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = PRIVSEP_ON; + use_privsep = PRIVSEP_NOSANDBOX; #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305290019.r4T0JxLE011755>