[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
+ - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
+ [servconf.c sshd.8 sshd_config]
+ enable privsep by default; provos ok
- (bal) Fixed up PAM case. I think.
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.107 2002/04/22 16:16:53 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.108 2002/05/04 02:39:35 deraadt Exp $");
#if defined(KRB4)
#include <krb.h>
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- /* Turn privilege separation _off_ by default */
+ /* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = 0;
+ use_privsep = 1;
}
/* Keyword tokens. */
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.178 2002/04/22 16:16:53 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.179 2002/05/04 02:39:35 deraadt Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
user. The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
-.Dq no .
+.Dq yes .
.It Cm VerifyReverseMapping
Specifies whether
.Nm
-# $OpenBSD: sshd_config,v 1.51 2002/04/22 16:16:53 markus Exp $
+# $OpenBSD: sshd_config,v 1.52 2002/05/04 02:39:35 deraadt Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation no
+#UsePrivilegeSeparation yes
#MaxStartups 10
# no default banner path