[openssh-commits] [openssh] 02/04: upstream commit

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e
Author: sobrado at openbsd.org <sobrado at openbsd.org>
Date:   Wed Oct 7 14:45:30 2015 +0000

    upstream commit
    
    UsePrivilegeSeparation defaults to sandbox now.
    
    ok djm@
    
    Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
---
 sshd_config.5 | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index cd3b5cf..149dc7e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $
-.Dd $Mdocdate: September 11 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
+.Dd $Mdocdate: October 7 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1587,14 +1587,19 @@ After successful authentication, another process will be created that has
 the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
+The argument must be
+.Dq yes ,
+.Dq no ,
+or
+.Dq sandbox .
 If
 .Cm UsePrivilegeSeparation
 is set to
 .Dq sandbox
 then the pre-authentication unprivileged process is subject to additional
 restrictions.
+The default is
+.Dq sandbox .
 .It Cm VersionAddendum
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.