Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 May 2013 00:19:59 +0000 (UTC)
From:      Dag-Erling Smørgrav <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r251088 - head/crypto/openssh
Message-ID:  <201305290019.r4T0JxLE011755@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: des
Date: Wed May 29 00:19:58 2013
New Revision: 251088
URL: http://svnweb.freebsd.org/changeset/base/251088

Log:
  Revert a local change that sets the default for UsePrivilegeSeparation to
  "sandbox" instead of "yes".  In sandbox mode, the privsep child is unable
  to load additional libraries and will therefore crash when trying to take
  advantage of crypto offloading on CPUs that support it.

Modified:
  head/crypto/openssh/servconf.c

Modified: head/crypto/openssh/servconf.c
==============================================================================
--- head/crypto/openssh/servconf.c	Wed May 29 00:18:12 2013	(r251087)
+++ head/crypto/openssh/servconf.c	Wed May 29 00:19:58 2013	(r251088)
@@ -298,7 +298,7 @@ fill_default_server_options(ServerOption
 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
-		use_privsep = PRIVSEP_ON;
+		use_privsep = PRIVSEP_NOSANDBOX;
 
 #ifndef HAVE_MMAP
 	if (use_privsep && options->compression == 1) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305290019.r4T0JxLE011755>