Page MenuHomeFreeBSD

capsicumUmbrella
ActivePublic

Recent Activity

Nov 13 2018

arichardson added a member for capsicum: arichardson.
Nov 13 2018, 9:40 AM

Oct 6 2018

emaste closed D17128: [sshd 7.8p1] avoid to violate capability mode.
Oct 6 2018, 9:33 PMcapsicum

Oct 5 2018

des accepted D17128: [sshd 7.8p1] avoid to violate capability mode.

I would strongly recommend submitting the sshbuf_{get,put,free}_passwd() part of this patch upstream.

Oct 5 2018, 2:18 PMcapsicum

Sep 13 2018

cem accepted D17128: [sshd 7.8p1] avoid to violate capability mode.

馃憤

Sep 13 2018, 1:39 AMcapsicum
naito.yuichiro_gmail.com updated the diff for D17128: [sshd 7.8p1] avoid to violate capability mode.

Fixed code style issues

Sep 13 2018, 1:37 AMcapsicum
naito.yuichiro_gmail.com added inline comments to D17128: [sshd 7.8p1] avoid to violate capability mode.
Sep 13 2018, 1:36 AMcapsicum

Sep 12 2018

cem accepted D17128: [sshd 7.8p1] avoid to violate capability mode.

Looks great to me.

Sep 12 2018, 2:49 PMcapsicum
naito.yuichiro_gmail.com added inline comments to D17128: [sshd 7.8p1] avoid to violate capability mode.
Sep 12 2018, 10:45 AMcapsicum
naito.yuichiro_gmail.com updated the diff for D17128: [sshd 7.8p1] avoid to violate capability mode.

Fixed commented issues.

Sep 12 2018, 10:43 AMcapsicum
naito.yuichiro_gmail.com added inline comments to D17128: [sshd 7.8p1] avoid to violate capability mode.
Sep 12 2018, 10:40 AMcapsicum
cem accepted D17128: [sshd 7.8p1] avoid to violate capability mode.

Functionality looks good to me. Some minor style suggestions follow.

Sep 12 2018, 4:09 AMcapsicum
naito.yuichiro_gmail.com added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

Created D17128 for OpenSSH-7.8p1.

Sep 12 2018, 3:55 AMcapsicum
naito.yuichiro_gmail.com created D17128: [sshd 7.8p1] avoid to violate capability mode.
Sep 12 2018, 3:54 AMcapsicum

Sep 11 2018

cem added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

I found one problem that sshd fails to reverse resolve hostname if server is set UseDNS yes .

Sep 11 2018, 3:14 PMcapsicum
naito.yuichiro_gmail.com added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

I see that r338561 commit updates openssh to 7.8p1.
I'm going to update my patch for this version and create a new differential.

Sep 11 2018, 10:04 AMcapsicum
naito.yuichiro_gmail.com updated the diff for D17056: [sshd] add wrapper function of login_getpwclass.

I found one problem that sshd fails to reverse resolve hostname if server is set UseDNS yes .

Sep 11 2018, 10:01 AMcapsicum

Sep 10 2018

cem accepted D17056: [sshd] add wrapper function of login_getpwclass.

Looks great to me, thanks. Any other reviewers want to take a pass?

Sep 10 2018, 3:46 PMcapsicum
naito.yuichiro_gmail.com updated the diff for D17056: [sshd] add wrapper function of login_getpwclass.

Fixed code style issues and log messages.
No functional change.

Sep 10 2018, 7:50 AMcapsicum
naito.yuichiro_gmail.com added inline comments to D17056: [sshd] add wrapper function of login_getpwclass.
Sep 10 2018, 5:33 AMcapsicum

Sep 8 2018

cem accepted D17056: [sshd] add wrapper function of login_getpwclass.

Looks great to me! All of my comments below are just style or message suggestions, nothing functional.

Sep 8 2018, 1:38 AMcapsicum

Sep 7 2018

naito.yuichiro_gmail.com added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

How do we coordinate with upstream on this?

Sep 7 2018, 8:33 AMcapsicum
naito.yuichiro_gmail.com updated the diff for D17056: [sshd] add wrapper function of login_getpwclass.

Fixed commented issues.
If you try this code, please be aware that you need to update libprivatessh.so.
Because I fixed buffer.c to implement functions for operating struct passwd.
Buffer related functions are written in 'buffer.c'.

Sep 7 2018, 8:31 AMcapsicum
naito.yuichiro_gmail.com added inline comments to D17056: [sshd] add wrapper function of login_getpwclass.
Sep 7 2018, 5:44 AMcapsicum

Sep 6 2018

emaste added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

How do we coordinate with upstream on this?

Sep 6 2018, 9:08 PMcapsicum
cem requested changes to D17056: [sshd] add wrapper function of login_getpwclass.

Mostly looks good to me! I had a couple concerns and suggestions, see below. Thanks for the patch.

Sep 6 2018, 5:03 PMcapsicum
cem added a reviewer for D17056: [sshd] add wrapper function of login_getpwclass: des.

Hi Conrad.
Thanks for the advice. I regenerated patch file. It seems good differential.

Sep 6 2018, 4:38 PMcapsicum
naito.yuichiro_gmail.com updated the diff for D17056: [sshd] add wrapper function of login_getpwclass.

regenerate patch by `diff -U9999```

Sep 6 2018, 12:25 PMcapsicum
naito.yuichiro_gmail.com added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

Hi Conrad.
Thanks for the advice. I regenerated patch file. It seems good differential.

Sep 6 2018, 12:25 PMcapsicum
naito.yuichiro_gmail.com created D17056: [sshd] add wrapper function of login_getpwclass.
Sep 6 2018, 12:25 PMcapsicum
cem added a comment to D17056: [sshd] add wrapper function of login_getpwclass.

Hi Yuichiro NAITO,

Sep 6 2018, 12:25 PMcapsicum
naito.yuichiro_gmail.com updated the test plan for D17056: [sshd] add wrapper function of login_getpwclass.
Sep 6 2018, 12:25 PMcapsicum
naito.yuichiro_gmail.com updated the test plan for D17056: [sshd] add wrapper function of login_getpwclass.
Sep 6 2018, 12:24 PMcapsicum

May 17 2018

oshogbo requested changes to D15289: sandbox jls(8).
May 17 2018, 10:01 AMcapsicum

May 16 2018

sg2342_googlemail.com added inline comments to D15289: sandbox jls(8).
May 16 2018, 2:17 AMcapsicum
sg2342_googlemail.com added inline comments to D15289: sandbox jls(8).
May 16 2018, 1:56 AMcapsicum

May 12 2018

sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

fix RESCUE: include lib/libjail/jail.c in librescue if necessary

May 12 2018, 12:57 AMcapsicum

May 11 2018

sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

cap_jail.c: improve allocation and error handling in service command

May 11 2018, 3:14 PMcapsicum
sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

cap_sysctl.c: resolve names to mibs when limits are set.

May 11 2018, 3:36 AMcapsicum
sg2342_googlemail.com added inline comments to D15289: sandbox jls(8).
May 11 2018, 2:12 AMcapsicum
sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).
  • rename cap_jail_get -> cap_jail and system.cap_jail_get -> system.cap_jail
  • cap_jail:
    • fix copyright
    • add man page
  • cap_jail.c:
    • style(9) changes
    • use dnvlist_* in service command
    • split nvlist -> iov function in two: nvl_to_iov_s is used by the service and makes sure there is space before memcpy
  • jls.c: use caph_enter_casper
  • cap_sysctl.c: style
  • cap_sysclt.3: reference sysctl(3)
May 11 2018, 1:30 AMcapsicum

May 10 2018

oshogbo added a comment to D15289: sandbox jls(8).

WOW! Thank you for working on that!

May 10 2018, 7:25 AMcapsicum
sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

I removed to kernel changes and used libcasper to obtain sysctl and jail_get functionality needed for jls(1).

May 10 2018, 2:13 AMcapsicum

May 5 2018

oshogbo requested changes to D15289: sandbox jls(8).

Please use libcasper(3) to obtain valid sysctl.

May 5 2018, 10:38 AMcapsicum

May 4 2018

sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

caph_cache_catpages(3) before cap_enter(2)

May 4 2018, 2:56 AMcapsicum
allanjude added a reviewer for D15289: sandbox jls(8): capsicum.
May 4 2018, 1:38 AMcapsicum
sg2342_googlemail.com created D15289: sandbox jls(8).
May 4 2018, 1:25 AMcapsicum

May 3 2018

sg2342_googlemail.com added a watcher for capsicum: sg2342_googlemail.com.
May 3 2018, 9:53 PM

Apr 30 2018

emaste closed D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.
Apr 30 2018, 5:31 PMcapsicum
emaste added a comment to D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.

connectat/bindat description updated in rS333119

Apr 30 2018, 5:16 PMcapsicum
domagoj.stolfa_gmail.com accepted D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.

Had a quick skim, but LGTM.

Apr 30 2018, 4:05 PMcapsicum