tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

Mark the sshd_config UsePrivilegeSeparation option as
deprecated, effectively making privsep mandatory in sandboxing mode. ok
markus@ deraadt@

(note: this doesn't remove the !privsep code paths, though that will
happen eventually).

Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
This commit is contained in:
djm@openbsd.org 2017-03-14 07:19:07 +00:00 committed by Damien Miller
parent f86586b03f
commit 66705948c0
3 changed files with 5 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
servconf.c
View File

@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.305 2017/03/10 04:11:00 dtucker Exp $ */ /* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -535,7 +535,7 @@ static struct {
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "acceptenv", sAcceptEnv, SSHCFG_ALL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL },
{ "permittty", sPermitTTY, SSHCFG_ALL }, { "permittty", sPermitTTY, SSHCFG_ALL },
@ -1374,11 +1374,6 @@ process_server_config_line(ServerOptions *options, char *line,
intptr = &options->disable_forwarding; intptr = &options->disable_forwarding;
goto parse_flag; goto parse_flag;
case sUsePrivilegeSeparation:
intptr = &use_privsep;
multistate_ptr = multistate_privsep;
goto parse_multistate;
case sAllowUsers: case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') { while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS) if (options->num_allow_users >= MAX_ALLOW_USERS)
@ -2107,8 +2102,6 @@ fmt_intarg(ServerOpCodes code, int val)
return fmt_multistate_int(val, multistate_gatewayports); return fmt_multistate_int(val, multistate_gatewayports);
case sCompression: case sCompression:
return fmt_multistate_int(val, multistate_compression); return fmt_multistate_int(val, multistate_compression);
case sUsePrivilegeSeparation:
return fmt_multistate_int(val, multistate_privsep);
case sAllowTcpForwarding: case sAllowTcpForwarding:
return fmt_multistate_int(val, multistate_tcpfwd); return fmt_multistate_int(val, multistate_tcpfwd);
case sAllowStreamLocalForwarding: case sAllowStreamLocalForwarding:
@ -2284,7 +2277,6 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
/* string arguments */ /* string arguments */

3
sshd_config
View File

@ -1,4 +1,4 @@
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file. See # This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information. # sshd_config(5) for more information.
@ -93,7 +93,6 @@ AuthorizedKeysFile .ssh/authorized_keys
#PrintLastLog yes #PrintLastLog yes
#TCPKeepAlive yes #TCPKeepAlive yes
#UseLogin no #UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no #PermitUserEnvironment no
#Compression delayed #Compression delayed
#ClientAliveInterval 0 #ClientAliveInterval 0

26
sshd_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.242 2017/02/03 23:01:19 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
.Dd $Mdocdate: February 3 2017 $ .Dd $Mdocdate: March 14 2017 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -1494,28 +1494,6 @@ is enabled, you will not be able to run
as a non-root user. as a non-root user.
The default is The default is
.Cm no . .Cm no .
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The argument must be
.Cm yes ,
.Cm no ,
or
.Cm sandbox .
If
.Cm UsePrivilegeSeparation
is set to
.Cm sandbox
then the pre-authentication unprivileged process is subject to additional
restrictions.
The default is
.Cm sandbox .
.It Cm VersionAddendum .It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection. sent by the server upon connection.