Call for testing: OpenSSH 7.5p1
djm at mindrot.org
Wed Mar 15 11:47:20 AEDT 2017
On Tue, 14 Mar 2017, Jakub Jelen wrote:
> I don't see this option deprecated in current portable master. Still in place.
> How are we going to be able to switch between Sandbox and just privilege
We might consider some way of disabling sandboxing (apart from editing
the source) if there is user demand, but I think developers/packagers
can figure out sandbox violations pretty easily from dmesg, etc.
> As far as I remember, various people still use this use case to test
> other SSH implementation (privsep requires running a root, isn't it?).
No, only setuid to an unprivileged user needs that; the rest of privsep
including sandboxing is still active if sshd is run as a regular user.
> > * Fix various fallout and sharp edges caused by removing SSH protocol
> > 1 support from the server, including the server banner string being
> > incorrectly terminated with only \n (instead of \r\n), and
> > confusing error messages from ssh-keyscan bz#2583.
> I would vouch for this bug get fixed too in the relation to the SSH1 removal:
> Also this one is a bit confusing:
Will take a look.
More information about the openssh-unix-dev