From owner-svn-src-all@FreeBSD.ORG Wed May 29 00:19:59 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 5C18AD63; Wed, 29 May 2013 00:19:59 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 4EF9B797; Wed, 29 May 2013 00:19:59 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r4T0Jxad011757; Wed, 29 May 2013 00:19:59 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r4T0JxLE011755; Wed, 29 May 2013 00:19:59 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201305290019.r4T0JxLE011755@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Wed, 29 May 2013 00:19:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r251088 - head/crypto/openssh X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2013 00:19:59 -0000 Author: des Date: Wed May 29 00:19:58 2013 New Revision: 251088 URL: http://svnweb.freebsd.org/changeset/base/251088 Log: Revert a local change that sets the default for UsePrivilegeSeparation to "sandbox" instead of "yes". In sandbox mode, the privsep child is unable to load additional libraries and will therefore crash when trying to take advantage of crypto offloading on CPUs that support it. Modified: head/crypto/openssh/servconf.c Modified: head/crypto/openssh/servconf.c ============================================================================== --- head/crypto/openssh/servconf.c Wed May 29 00:18:12 2013 (r251087) +++ head/crypto/openssh/servconf.c Wed May 29 00:19:58 2013 (r251088) @@ -298,7 +298,7 @@ fill_default_server_options(ServerOption options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = PRIVSEP_ON; + use_privsep = PRIVSEP_NOSANDBOX; #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) {