From bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e Mon Sep 17 00:00:00 2001 From: "sobrado@openbsd.org" Date: Wed, 7 Oct 2015 14:45:30 +0000 Subject: [PATCH] upstream commit UsePrivilegeSeparation defaults to sandbox now. ok djm@ Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f --- sshd_config.5 | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/sshd_config.5 b/sshd_config.5 index cd3b5cfe3..149dc7e14 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $ -.Dd $Mdocdate: September 11 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $ +.Dd $Mdocdate: October 7 2015 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1587,14 +1587,19 @@ After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. -The default is -.Dq yes . +The argument must be +.Dq yes , +.Dq no , +or +.Dq sandbox . If .Cm UsePrivilegeSeparation is set to .Dq sandbox then the pre-authentication unprivileged process is subject to additional restrictions. +The default is +.Dq sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection.