看板 FB_stable 關於我們 聯絡資訊
On Mon, Mar 3, 2014 at 11:03 AM, Mike Jakubik < mike.jakubik@intertainservices.com> wrote: > On 03/01/14 02:39, Andrey Chernov wrote: > >> On 01.03.2014 10:56, Andrey Chernov wrote: >> >>> Hi. >>> Default /etc/ssh/sshd_config have >>> #UsePrivilegeSeparation sandbox >>> I.e. 'sandbox' by default. It breaks logins with error: >>> sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network >>> socket [preauth] >>> Fixed by using old way, i.e. direct >>> UsePrivilegeSeparation yes >>> instead of 'sandbox'. Please fix this bug. >>> >> Just find that capsicum is required now for default (i.e. sandbox) mode. >> Don't think it is wise move, people may lost remote connections that >> way, at least UPDATING entry is needed, but check for WITHOUT_CAPSICUM >> for defaults will be better. >> >> > Personally I find this to be a monumental screw up, such a drastic change > and not even so much as an entry in UPDATING, what ever happened to POLA? > +1 I didn't get bitten by this by the good fortune of seeing the first message on this issue just minutes after I updated my system. Saw the change in mergemaster, so immediately edited the installed file back to "yes". But, if this had been a remote server, I would have been in deep weeds. This is simply not acceptable practice! -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"