mirror of git://anongit.mindrot.org/openssh.git
- djm@cvs.openbsd.org 2008/04/04 06:44:26
[sshd_config.5]
oops, some unrelated stuff crept into that commit - backout.
spotted by jmc@
This commit is contained in:
Damien Miller
parent
797e3d117f
commit
56f41ddc54
|
|
@ -4,6 +4,10 @@
|
|||
[sshd_config.5]
|
||||
ChrootDirectory is supported in Match blocks (in fact, it is most useful
|
||||
there). Spotted by Minstrel AT minstrel.org.uk
|
||||
- djm@cvs.openbsd.org 2008/04/04 06:44:26
|
||||
[sshd_config.5]
|
||||
oops, some unrelated stuff crept into that commit - backout.
|
||||
spotted by jmc@
|
||||
|
||||
20080403
|
||||
- (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
|
||||
|
|
@ -3864,4 +3868,4 @@
|
|||
OpenServer 6 and add osr5bigcrypt support so when someone migrates
|
||||
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
||||
|
||||
$Id: ChangeLog,v 1.4906 2008/05/19 04:27:42 djm Exp $
|
||||
$Id: ChangeLog,v 1.4907 2008/05/19 04:28:19 djm Exp $
|
||||
|
|
|
|||
|
|
@ -34,8 +34,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.85 2008/04/04 05:14:38 djm Exp $
|
||||
.Dd $Mdocdate: April 4 2008 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.86 2008/04/04 06:44:26 djm Exp $
|
||||
.Dd $Mdocdate: May 19 2008 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -210,29 +210,6 @@ in-process sftp server is used (see
|
|||
.Cm Subsystem
|
||||
for details).
|
||||
.Pp
|
||||
Please note that there are many ways to misconfigure a chroot environment
|
||||
in ways that compromise security.
|
||||
These include:
|
||||
.Pp
|
||||
.Bl -dash -offset indent -compact
|
||||
.It
|
||||
Making unsafe setuid binaries available;
|
||||
.It
|
||||
Having missing or incorrect configuration files in the chroot's
|
||||
.Pa /etc
|
||||
directory;
|
||||
.It
|
||||
Hard-linking files between the chroot and outside;
|
||||
.It
|
||||
Leaving unnecessary
|
||||
.Pa /dev
|
||||
nodes accessible inside the chroot (especially those for physical drives);
|
||||
.It
|
||||
Executing scripts or binaries inside the chroot from outside, either
|
||||
directly or through facilities such as
|
||||
.Xr cron 8 .
|
||||
.El
|
||||
.Pp
|
||||
The default is not to
|
||||
.Xr chroot 2 .
|
||||
.It Cm Ciphers
|
||||
|
|
@ -363,11 +340,6 @@ Specifying a command of
|
|||
will force the use of an in-process sftp server that requires no support
|
||||
files when used with
|
||||
.Cm ChrootDirectory .
|
||||
Note that
|
||||
.Dq internal-sftp
|
||||
is only supported when
|
||||
.Cm UsePrivilegeSeparation
|
||||
is enabled.
|
||||
.It Cm GatewayPorts
|
||||
Specifies whether remote hosts are allowed to connect to ports
|
||||
forwarded for the client.
|
||||
|
|
@ -830,11 +802,6 @@ server.
|
|||
This may simplify configurations using
|
||||
.Cm ChrootDirectory
|
||||
to force a different filesystem root on clients.
|
||||
Note that
|
||||
.Dq internal-sftp
|
||||
is only supported when
|
||||
.Cm UsePrivilegeSeparation
|
||||
is enabled.
|
||||
.Pp
|
||||
By default no subsystems are defined.
|
||||
Note that this option applies to protocol version 2 only.
|
||||
|
|
|
|||
Loading…
Reference in New Issue