privilege separation code is now enabled by default for in-tree sshd.
	you need to modify /etc to use this:
	- sshd uid/gid
	- /var/empty directory, which is empty
	if they do not exit, sshd will refuse to let you log in.

	normal build process will dig /var/empty.  you will need to dig sshd
	uid/gid by modifying /etc.  postinstall checks these and barks if
	they are not available.

itojun

------- Forwarded Message

	by coconut.itojun.org (Postfix) with SMTP id 3FC644B22
	for <itojun@itojun.org>; Wed, 15 May 2002 08:33:22 +0900 (JST)
  by mail.netbsd.org with SMTP; 14 May 2002 23:33:09 -0000
	id C6784B004; Wed, 15 May 2002 02:33:08 +0300 (EEST)
From: Jun-ichiro itojun Hagino <itojun@netbsd.org>
Subject: CVS commit: basesrc
To: source-changes@netbsd.org
Reply-To: itojun@netbsd.org
Message-Id: <20020514233308.C6784B004@cvs.netbsd.org>
Date: Wed, 15 May 2002 02:33:08 +0300 (EEST)
Sender: source-changes-owner@netbsd.org


Module Name:	basesrc
Committed By:	itojun
Date:		Tue May 14 23:33:08 UTC 2002

Modified Files:
	basesrc: UPDATING
	basesrc/crypto/dist/ssh: servconf.c sshd.c sshd_config

Log Message:
turn on privilege separation, as 3.2.1 default do.
requires sshd uid/gid as well as /var/empty directory.


To generate a diff of this commit:
cvs rdiff -r1.60 -r1.61 basesrc/UPDATING
cvs rdiff -r1.18 -r1.19 basesrc/crypto/dist/ssh/servconf.c
cvs rdiff -r1.20 -r1.21 basesrc/crypto/dist/ssh/sshd.c
cvs rdiff -r1.13 -r1.14 basesrc/crypto/dist/ssh/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


------- End of Forwarded Message