[Bug 2511] New: Drop fine-grained privileges on Illumos/Solaris
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Nov 30 09:55:10 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2511
Bug ID: 2511
Summary: Drop fine-grained privileges on Illumos/Solaris
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: alex+mailinglists_openssh-dev at cooperi.net
Created attachment 2761
--> https://bugzilla.mindrot.org/attachment.cgi?id=2761&action=edit
patch
On Illumos/Solaris we can drop fine-grained privileges using setppriv,
both for the sshd sandbox and also where appropriate in other utilities
like sftp-server and ssh-agent. This has a lot of cross-over with work
to add pledge(2) calls to OpenSSH code.
Entering this bug against sshd, since the sandbox component of this is
almost certainly the most important from a security perspective.
Discussed on mailinglist (openssh-unix-dev) thread on 12 Nov 2015.
Attached patch was against openssh-portable at 3ddd15e (Darren Tucker:
Add a null implementation of pledge.)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list