Turn sandboxing on by default.

crypto/openssh/servconf.c

@@ -314,7 +314,7 @@ fill_default_server_options(ServerOptions *options)
 		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
-		use_privsep = PRIVSEP_NOSANDBOX;
+		use_privsep = PRIVSEP_ON;
 
 #ifndef HAVE_MMAP
 	if (use_privsep && options->compression == 1) {

crypto/openssh/sshd_config

@@ -110,7 +110,7 @@
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation yes
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

crypto/openssh/sshd_config.5

@@ -1227,7 +1227,7 @@ the privilege of the authenticated user.
 The goal of privilege separation is to prevent privilege
 escalation by containing any corruption within the unprivileged processes.
 The default is
-.Dq yes .
+.Dq sandbox .
 If
 .Cm UsePrivilegeSeparation
 is set to