CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

projects / FreeBSD / FreeBSD.git / commit

author	Ed Maste <emaste@FreeBSD.org>
	Sat, 6 Oct 2018 21:32:55 +0000 (21:32 +0000)
committer	Ed Maste <emaste@FreeBSD.org>
	Sat, 6 Oct 2018 21:32:55 +0000 (21:32 +0000)
commit	fc3c19a9fceeea48a9259ac3833a125804342c0e
tree	229e14ee478b70177cfe09ab5973054a8bf9d7f2	tree \| snapshot
parent	7e524b0746bc9cabd0db124b97d94456017e93b8	commit \| diff

sshd: address capsicum issues

* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.

PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom

crypto/openssh/auth2.c		diff \| blob \| history
crypto/openssh/monitor.c		diff \| blob \| history
crypto/openssh/monitor.h		diff \| blob \| history
crypto/openssh/monitor_wrap.c		diff \| blob \| history
crypto/openssh/monitor_wrap.h		diff \| blob \| history
crypto/openssh/sandbox-capsicum.c		diff \| blob \| history
crypto/openssh/sshbuf-getput-basic.c		diff \| blob \| history
crypto/openssh/sshbuf.h		diff \| blob \| history
crypto/openssh/sshd.c		diff \| blob \| history