sshd: cache remote hostname for sandboxed child
Needs ReviewPublic
Actions

Authored by emaste on Apr 25 2021, 7:17 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Sep 30, 3:04 AM

	Unknown Object (File)
	Aug 27 2025, 9:18 AM

	Unknown Object (File)
	Aug 27 2025, 7:51 AM

	Unknown Object (File)
	Aug 27 2025, 7:27 AM

	Unknown Object (File)
	Aug 23 2025, 1:21 AM

	Unknown Object (File)
	Aug 22 2025, 11:20 PM

	Unknown Object (File)
	Aug 15 2025, 12:37 AM

	Unknown Object (File)
	Jul 27 2025, 4:56 PM

View All 54 Files

Subscribers

None

Details

Reviewers

bdrewery
allanjude
des

Summary

From FreeBSD:

commit fc3c19a9fceeea48a9259ac3833a125804342c0e
Author: Ed Maste <emaste@FreeBSD.org>
Date:   Sat Oct 6 21:32:55 2018 +0000

    sshd: address capsicum issues

    * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
      capability mode.
    * Cache timezone data via caph_cache_tzdata() as we cannot access the
      timezone file.
    * Reverse resolve hostname before entering capability mode.

    PR:             231172
    Submitted by:   naito.yuichiro@gmail.com
    Reviewed by:    cem, des
    Approved by:    re (rgrimes)
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D17128