Page MenuHomeFreeBSD

sshd: cache remote hostname for sandboxed child
Needs ReviewPublic

Authored by emaste on Apr 25 2021, 7:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Sep 30, 3:04 AM
Unknown Object (File)
Aug 27 2025, 9:18 AM
Unknown Object (File)
Aug 27 2025, 7:51 AM
Unknown Object (File)
Aug 27 2025, 7:27 AM
Unknown Object (File)
Aug 23 2025, 1:21 AM
Unknown Object (File)
Aug 22 2025, 11:20 PM
Unknown Object (File)
Aug 15 2025, 12:37 AM
Unknown Object (File)
Jul 27 2025, 4:56 PM
Subscribers
None

Details

Summary

From FreeBSD:

commit fc3c19a9fceeea48a9259ac3833a125804342c0e
Author: Ed Maste <emaste@FreeBSD.org>
Date:   Sat Oct 6 21:32:55 2018 +0000

    sshd: address capsicum issues

    * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
      capability mode.
    * Cache timezone data via caph_cache_tzdata() as we cannot access the
      timezone file.
    * Reverse resolve hostname before entering capability mode.

    PR:             231172
    Submitted by:   naito.yuichiro@gmail.com
    Reviewed by:    cem, des
    Approved by:    re (rgrimes)
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D17128

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped