Page MenuHomeFreeBSD

sshd: cache remote hostname for sandboxed child
Needs ReviewPublic

Authored by emaste on Apr 25 2021, 7:17 PM.
Tags
None
Referenced Files
F105156494: D29977.diff
Thu, Dec 12, 10:56 PM
Unknown Object (File)
Sep 27 2024, 11:22 PM
Unknown Object (File)
Sep 27 2024, 11:19 PM
Unknown Object (File)
Sep 27 2024, 7:25 AM
Unknown Object (File)
Sep 19 2024, 3:02 PM
Unknown Object (File)
Sep 18 2024, 6:14 AM
Unknown Object (File)
Sep 16 2024, 3:43 PM
Unknown Object (File)
Aug 17 2024, 3:33 AM
Subscribers
None

Details

Summary

From FreeBSD:

commit fc3c19a9fceeea48a9259ac3833a125804342c0e
Author: Ed Maste <emaste@FreeBSD.org>
Date:   Sat Oct 6 21:32:55 2018 +0000

    sshd: address capsicum issues

    * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
      capability mode.
    * Cache timezone data via caph_cache_tzdata() as we cannot access the
      timezone file.
    * Reverse resolve hostname before entering capability mode.

    PR:             231172
    Submitted by:   naito.yuichiro@gmail.com
    Reviewed by:    cem, des
    Approved by:    re (rgrimes)
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D17128

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped