Re: openssh in stable-10 broken config or sandbox
On 03/01/14 02:39, Andrey Chernov wrote:
> On 01.03.2014 10:56, Andrey Chernov wrote:
>> Hi.
>> Default /etc/ssh/sshd_config have
>> #UsePrivilegeSeparation sandbox
>> I.e. 'sandbox' by default. It breaks logins with error:
>> sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network socket [preauth]
>> Fixed by using old way, i.e. direct
>> UsePrivilegeSeparation yes
>> instead of 'sandbox'. Please fix this bug.
> Just find that capsicum is required now for default (i.e. sandbox) mode.
> Don't think it is wise move, people may lost remote connections that
> way, at least UPDATING entry is needed, but check for WITHOUT_CAPSICUM
> for defaults will be better.
>
Personally I find this to be a monumental screw up, such a drastic
change and not even so much as an entry in UPDATING, what ever happened
to POLA?
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 9 篇):