From 8c39fb3c7316fe6dd9339c99c79ccaf4933e6d5c Mon Sep 17 00:00:00 2001 From: sobrado Date: Wed, 7 Oct 2015 14:45:30 +0000 Subject: [PATCH] UsePrivilegeSeparation defaults to sandbox now. ok djm@ --- usr.bin/ssh/sshd_config.5 | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index a5953d79b8e..399013e4ce1 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $ -.Dd $Mdocdate: September 11 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $ +.Dd $Mdocdate: October 7 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1564,14 +1564,19 @@ After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. -The default is -.Dq yes . +The argument must be +.Dq yes , +.Dq no , +or +.Dq sandbox . If .Cm UsePrivilegeSeparation is set to .Dq sandbox then the pre-authentication unprivileged process is subject to additional restrictions. +The default is +.Dq sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. -- 2.20.1