From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-206234-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 110863 invoked by alias); 21 Dec 2016 18:26:16 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 110830 invoked by uid 89); 21 Dec 2016 18:26:14 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Hx-spam-relays-external:sk:smtp-ou, H*RU:sk:smtp-ou, Hx-spam-relays-external:shaw.ca, H*r:shaw.ca
X-HELO: smtp-out-so.shaw.ca
Received: from smtp-out-so.shaw.ca (HELO smtp-out-so.shaw.ca) (64.59.136.137) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 21 Dec 2016 18:26:13 +0000
Received: from [192.168.1.100] ([174.0.238.184])	by shaw.ca with SMTP	id JladczONlIwqSJlaec59Qr; Wed, 21 Dec 2016 11:26:12 -0700
X-Authority-Analysis: v=2.2 cv=cNuQihWN c=1 sm=1 tr=0 a=WqCeCkldcEjBO3QZneQsCg==:117 a=WqCeCkldcEjBO3QZneQsCg==:17 a=IkcTkHD0fZMA:10 a=ZPuISKdX4XqyQfqdL7sA:9 a=QEXdDO2ut3YA:10
Subject: Re: [ANNOUNCEMENT] Updated: OpenSSH-7.4p1-1
References: <announce.20161220204451.GA11925@calimero.vinschen.de> <CAKf2h5SmHDhJqufVqZ92d4nyevQyEC+60gA64eQB5WwLdqDLeA@mail.gmail.com> <20161221164140.GA5707@calimero.vinschen.de> <CACoZoo3459oO5kMuaWrVU4L7bQTLe8fDFSR_5zqQShTG3d39EQ@mail.gmail.com>
To: cygwin@cygwin.com
Reply-To: Brian.Inglis@SystematicSw.ab.ca
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
Message-ID: <607f4841-c81b-2a48-f76c-aa610a7d89d8@SystematicSw.ab.ca>
Date: Wed, 21 Dec 2016 18:26:00 -0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <CACoZoo3459oO5kMuaWrVU4L7bQTLe8fDFSR_5zqQShTG3d39EQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfM673kgAgpLjlvBNKjXcenyGMsovPZ4tnExuV8IPZMX5TfUeOrbUd4us9LU1spiVyU+ezSTG1H9d8xA892vTD/TcP2SiXLSBVRpyjVXpDmkzduWticiO h3pyEHhQHNNEHuSRfaM0Nm66vs0kZRlNL2BuRxygo4TUQYK/i2ndKFY+9rlnzxh5+uKaLFvv6tGdwA==
X-IsSubscribed: yes
X-SW-Source: 2016-12/txt/msg00228.txt.bz2

On 2016-12-21 10:39, Erik Soderquist wrote:
> On Wed, Dec 21, 2016 at 11:41 AM, Corinna Vinschen wrote:
>> In /etc/sshd_config:
>>   UsePrivilegeSeparation yes
> Essentially this no longer becomes optional? Or am I misreading?

They are dropping support for the *no* option.
The default is currently *sandbox*, which adds additional 
restrictions to *yes* prior to login.
If you don't have the option in sshd_config you're secure, and will 
not have any problems with upgrades or known exploits.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple