tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

UsePrivilegeSeparation defaults to sandbox now.

ok djm@

Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
This commit is contained in:
sobrado@openbsd.org 2015-10-07 14:45:30 +00:00 committed by Damien Miller
parent 2905d6f99c
commit bdcb73fb76
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sshd_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
.Dd $Mdocdate: September 11 2015 $ .Dd $Mdocdate: October 7 2015 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -1587,14 +1587,19 @@ After successful authentication, another process will be created that has
the privilege of the authenticated user. the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes. escalation by containing any corruption within the unprivileged processes.
The default is The argument must be
.Dq yes . .Dq yes ,
.Dq no ,
or
.Dq sandbox .
If If
.Cm UsePrivilegeSeparation .Cm UsePrivilegeSeparation
is set to is set to
.Dq sandbox .Dq sandbox
then the pre-authentication unprivileged process is subject to additional then the pre-authentication unprivileged process is subject to additional
restrictions. restrictions.
The default is
.Dq sandbox .
.It Cm VersionAddendum .It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection. sent by the server upon connection.