- markus@cvs.openbsd.org 2002/05/15 21:02:53

     [servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release

4 files changed, 11 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 96f459cc..2adca2b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,9 @@
      [ssh.1 sshd.8]
      Kill/adjust r(login|exec)d? references now that those are no longer in
      the tree.
+   - markus@cvs.openbsd.org 2002/05/15 21:02:53
+     [servconf.c sshd.8 sshd_config]
+     disable privsep and enable setuid for the 3.2.2 release
  - (bal) Fixed up PAM case.  I think.
  - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
 
@@ -645,4 +648,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2132 2002/05/15 21:36:45 mouring Exp $
+$Id: ChangeLog,v 1.2133 2002/05/15 21:37:34 mouring Exp $
diff --git a/servconf.c b/servconf.c
index 5b894f74..5f8e74e3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.108 2002/05/04 02:39:35 deraadt Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.109 2002/05/15 21:02:52 markus Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -250,9 +250,9 @@ fill_default_server_options(ServerOptions *options)
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
 
-	/* Turn privilege separation on by default */
+	/* Turn privilege separation _off_ by default */
 	if (use_privsep == -1)
-		use_privsep = 1;
+		use_privsep = 0;
 }
 
 /* Keyword tokens. */
diff --git a/sshd.8 b/sshd.8
index 109f16fd..138bf651 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.180 2002/05/06 23:34:33 millert Exp $
+.\" $OpenBSD: sshd.8,v 1.181 2002/05/15 21:02:53 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -852,7 +852,7 @@ another process will be created that has the privilege of the authenticated
 user.  The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq yes .
+.Dq no .
 .It Cm VerifyReverseMapping
 Specifies whether
 .Nm
diff --git a/sshd_config b/sshd_config
index dc940d92..e96f7a1d 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.52 2002/05/04 02:39:35 deraadt Exp $
+#	$OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $
 
 # This is the sshd server system-wide configuration file.  See sshd(8)
 # for more information.
@@ -80,7 +80,7 @@
 #PrintLastLog yes
 #KeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation yes
+#UsePrivilegeSeparation no
 
 #MaxStartups 10
 # no default banner path