[Bug 2107] seccomp sandbox breaks GSSAPI

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Feb 6 10:54:39 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2107

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |djm at mindrot.org
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2406
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2406&action=edit
Cache supported oids before privilege separation

Instead of calling out to the monitor, could we do it before the
privsep child is forked? ssh_gssapi_supported_oids() doesn't seem to
need any context to work.

This patch tries to do this, but I have no way to test it (and really
no clue at all when it comes to GSSAPI/Kerberos).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list