HomeFreeBSD

sshd: address capsicum issues

Description

sshd: address capsicum issues

  • Add a wrapper to proxy login_getpwclass(3) as it is not allowed in capability mode.
  • Cache timezone data via caph_cache_tzdata() as we cannot access the timezone file.
  • Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

Details

Committed
emasteOct 6 2018, 9:32 PM
Reviewer
cem
Differential Revision
D17128: [sshd 7.8p1] avoid to violate capability mode
Parents
rS339215: powerpc/pseries: EOI interrupts in XICS by setting lowest priority
Branches
Unknown
Tags
Unknown