]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a3c051) | patch
sshd: address capsicum issues
authoremaste <emaste@FreeBSD.org>
Sat, 6 Oct 2018 21:32:55 +0000 (21:32 +0000)
committeremaste <emaste@FreeBSD.org>
Sat, 6 Oct 2018 21:32:55 +0000 (21:32 +0000)
commitdf69fc982379033a8b6c5a796230a211bf8c9da7
tree229e14ee478b70177cfe09ab5973054a8bf9d7f2tree | snapshot
parent1a3c051aca98d2abf29b7ad7dc803e1a4bd31441commit | diff
sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
  capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
  timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128
crypto/openssh/auth2.c diff | blob | history
crypto/openssh/monitor.c diff | blob | history
crypto/openssh/monitor.h diff | blob | history
crypto/openssh/monitor_wrap.c diff | blob | history
crypto/openssh/monitor_wrap.h diff | blob | history
crypto/openssh/sandbox-capsicum.c diff | blob | history
crypto/openssh/sshbuf-getput-basic.c diff | blob | history
crypto/openssh/sshbuf.h diff | blob | history
crypto/openssh/sshd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.