openssh in stable-10 broken config or sandbox
Mike Jakubik
mike.jakubik at intertainservices.com
Mon Mar 3 19:03:29 UTC 2014
On 03/01/14 02:39, Andrey Chernov wrote:
> On 01.03.2014 10:56, Andrey Chernov wrote:
>> Hi.
>> Default /etc/ssh/sshd_config have
>> #UsePrivilegeSeparation sandbox
>> I.e. 'sandbox' by default. It breaks logins with error:
>> sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network socket [preauth]
>> Fixed by using old way, i.e. direct
>> UsePrivilegeSeparation yes
>> instead of 'sandbox'. Please fix this bug.
> Just find that capsicum is required now for default (i.e. sandbox) mode.
> Don't think it is wise move, people may lost remote connections that
> way, at least UPDATING entry is needed, but check for WITHOUT_CAPSICUM
> for defaults will be better.
>
Personally I find this to be a monumental screw up, such a drastic
change and not even so much as an entry in UPDATING, what ever happened
to POLA?
More information about the freebsd-stable
mailing list