X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:references:to:reply-to:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=FUm0HNKI1EU9kl5n
	1ViZqOW/ADKc9K+Wncp5+thstD1wWxLMa/2Giv9NNA3HYRsDDSjlGz3ShfkB7Zmm
	texkC1vgynNjWVIbueJNyl+uMpgFwnK4Rx/94sZ0ZJ7qwMKI31CDmvj33Pc04wpw
	zawj2HxSRldoLWOHeydMNhNEu+E=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:references:to:reply-to:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=qTXoPZtFgzKwxlpvdn698L
	bMp1w=; b=BqzIXFd1g3v/a0/j6gUissnfDqgsHfoUPpXWcWLP3gfINO0glYimcq
	5rtLrO2Tji2Q9AZW54EgCOdymY/AfzADBwwLZNS+cq9/2LIvkrMxB2x76rlTFWHq
	chwB4KBj/JyF/xQLgigT9miDTMm0cUlo6Qa0wb3OY6c+VPK83thrE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=Hx-spam-relays-external:sk:smtp-ou, H*RU:sk:smtp-ou, Hx-spam-relays-external:shaw.ca, H*r:shaw.ca
X-HELO: smtp-out-so.shaw.ca
X-Authority-Analysis: v=2.2 cv=cNuQihWN c=1 sm=1 tr=0 a=WqCeCkldcEjBO3QZneQsCg==:117 a=WqCeCkldcEjBO3QZneQsCg==:17 a=IkcTkHD0fZMA:10 a=ZPuISKdX4XqyQfqdL7sA:9 a=QEXdDO2ut3YA:10
Subject: Re: [ANNOUNCEMENT] Updated: OpenSSH-7.4p1-1
References: <announce DOT 20161220204451 DOT GA11925 AT calimero DOT vinschen DOT de> <CAKf2h5SmHDhJqufVqZ92d4nyevQyEC+60gA64eQB5WwLdqDLeA AT mail DOT gmail DOT com> <20161221164140 DOT GA5707 AT calimero DOT vinschen DOT de> <CACoZoo3459oO5kMuaWrVU4L7bQTLe8fDFSR_5zqQShTG3d39EQ AT mail DOT gmail DOT com>
To: cygwin AT cygwin DOT com
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Message-ID: <607f4841-c81b-2a48-f76c-aa610a7d89d8@SystematicSw.ab.ca>
Date: Wed, 21 Dec 2016 11:26:11 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <CACoZoo3459oO5kMuaWrVU4L7bQTLe8fDFSR_5zqQShTG3d39EQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfM673kgAgpLjlvBNKjXcenyGMsovPZ4tnExuV8IPZMX5TfUeOrbUd4us9LU1spiVyU+ezSTG1H9d8xA892vTD/TcP2SiXLSBVRpyjVXpDmkzduWticiO h3pyEHhQHNNEHuSRfaM0Nm66vs0kZRlNL2BuRxygo4TUQYK/i2ndKFY+9rlnzxh5+uKaLFvv6tGdwA==
X-IsSubscribed: yes

On 2016-12-21 10:39, Erik Soderquist wrote:
> On Wed, Dec 21, 2016 at 11:41 AM, Corinna Vinschen wrote:
>> In /etc/sshd_config:
>>   UsePrivilegeSeparation yes
> Essentially this no longer becomes optional? Or am I misreading?

They are dropping support for the *no* option.
The default is currently *sandbox*, which adds additional 
restrictions to *yes* prior to login.
If you don't have the option in sshd_config you're secure, and will 
not have any problems with upgrades or known exploits.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple