upstream commit
UsePrivilegeSeparation defaults to sandbox now. ok djm@ Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
This commit is contained in:
sobrado@openbsd.org
Damien Miller
parent
2905d6f99c
commit
bdcb73fb76
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $
|
||||
.Dd $Mdocdate: September 11 2015 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
|
||||
.Dd $Mdocdate: October 7 2015 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -1587,14 +1587,19 @@ After successful authentication, another process will be created that has
|
|||
the privilege of the authenticated user.
|
||||
The goal of privilege separation is to prevent privilege
|
||||
escalation by containing any corruption within the unprivileged processes.
|
||||
The default is
|
||||
.Dq yes .
|
||||
The argument must be
|
||||
.Dq yes ,
|
||||
.Dq no ,
|
||||
or
|
||||
.Dq sandbox .
|
||||
If
|
||||
.Cm UsePrivilegeSeparation
|
||||
is set to
|
||||
.Dq sandbox
|
||||
then the pre-authentication unprivileged process is subject to additional
|
||||
restrictions.
|
||||
The default is
|
||||
.Dq sandbox .
|
||||
.It Cm VersionAddendum
|
||||
Optionally specifies additional text to append to the SSH protocol banner
|
||||
sent by the server upon connection.
|
||||
|
|
|
|||
Loading…
Reference in New Issue