Date: Mon, 03 Mar 2014 14:03:21 -0500
From: Mike Jakubik <mike.jakubik@intertainservices.com>
To: Andrey Chernov <ache@freebsd.org>, des@freebsd.org, stable@freebsd.org
Subject: Re: openssh in stable-10 broken config or sandbox
Message-ID: <5314D1F9.20909@intertainservices.com>
In-Reply-To: <53118E9C.5030804@freebsd.org>
References: <531184A8.4050909@freebsd.org> <53118E9C.5030804@freebsd.org>

On 03/01/14 02:39, Andrey Chernov wrote:
> On 01.03.2014 10:56, Andrey Chernov wrote:
>> Hi.
>> Default /etc/ssh/sshd_config has
>> #UsePrivilegeSeparation sandbox
>> I.e. 'sandbox' by default. It breaks logins with error:
>> sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network socket [preauth]
>> Fixed by using old way, i.e. direct
>> UsePrivilegeSeparation yes
>> instead of 'sandbox'. Please fix this bug.
>
> Just find that capsicum is required now for default (i.e. sandbox) mode.
> Don't think it is wise move, people may lose remote connections that
> way, at least UPDATING entry is needed, but check for WITHOUT_CAPSICUM
> for defaults will be better.
>

Personally I find this to be a monumental screw up, such a drastic change and not even so much as an entry in UPDATING, whatever happened to POLA?
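
A pre-upgrade check for the failure reported in this thread, as an added example that is not part of the original message or of the FreeBSD or OpenSSH sources. The function names are hypothetical, the sample config is constructed, and the two kern.features sysctl names are assumed to be the kernel's Capsicum indicators.

```shell
#!/bin/sh
# Added example: flag hosts where sshd's default sandbox mode would lock
# out logins because the kernel lacks Capsicum.

# Effective UsePrivilegeSeparation from sshd_config text on stdin.
# sshd takes the first occurrence of a keyword and ignores its case; with the
# line commented out, the default is "sandbox" (as stated in the thread).
effective_privsep() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "useprivilegeseparation" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "sandbox" }
    '
}

# Prints 1 if the running kernel reports both Capsicum features, else 0.
# Assumption: the kern.features.* names below; a missing sysctl counts as 0.
capsicum_present() {
    for f in security_capabilities security_capability_mode; do
        v=$(sysctl -n "kern.features.$f" 2>/dev/null) || v=0
        [ "$v" = "1" ] || { echo 0; return 0; }
    done
    echo 1
}

# $1 = effective mode, $2 = Capsicum flag (1/0). Prints a verdict and
# returns 1 when sandbox mode would fail at preauth, as in the report.
privsep_verdict() {
    if [ "$1" = "sandbox" ] && [ "$2" != "1" ]; then
        echo "RISK: sandbox mode without Capsicum; use 'UsePrivilegeSeparation yes' or a kernel with Capsicum"
        return 1
    fi
    echo "OK: UsePrivilegeSeparation=$1 capsicum=$2"
}

# On a live host (path is the one named in the thread):
#   privsep_verdict "$(effective_privsep < /etc/ssh/sshd_config)" "$(capsicum_present)"

# Constructed sample: the stock config with the keyword commented out,
# evaluated as if the kernel had no Capsicum support.
SAMPLE='#UsePrivilegeSeparation sandbox
Port 22'
privsep_verdict "$(printf '%s\n' "$SAMPLE" | effective_privsep)" 0 || true
```

Run it from a console session before restarting sshd on an upgraded host, so a RISK verdict can be fixed without depending on the remote login it would break.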