[Bug 2468] Option to include external files to sshd_config

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 5 10:01:23 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2468

--- Comment #10 from Damien Miller <djm at mindrot.org> ---
I took a quick look at this patch and it seems ok wrt the configuration
parsing side. However, it doesn't do the right thing wrt sshd's
self-reexecution.

When sshd accepts a connection, instead of just fork(2)ing a subprocess
to handle, it forks and re-executes sshd to ensure each child process
gets a different memory layout, re-randomised stack cookies, etc.

Part of the re-execution shuffle is passing the entire sshd_config from
the listener sshd process to the re-executed one. This ensures that the
configuration used is the one that sshd was originally started with,
not the one that happens to be in the filesystem at the time the
connection was received.

This patch doesn't do that. I think maybe if you extended include_list
to record the full text of each included file and then
marshaled/demarshaled that in
sshd.c:send_rexec_state()/recv_rexec_state() then you'd be close to
good.
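Added example, not OpenSSH code and not the patch under discussion: a minimal shape for the extension suggested above, where the listener marshals the full text of each included file into the re-exec state stream and the re-executed child demarshals it instead of re-reading the filesystem. The struct and function names, the length-prefixed wire format and the sample include paths and contents are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* One included file captured in full at startup (struct and function names are assumptions). */
struct include_entry { char *path; char *text; size_t len; };
/* Wire format: u32 count, then per entry: u32 path_len, path, u32 text_len, text. */
static int put_blob(FILE *f, const void *p, size_t n) {
    uint32_t l = (uint32_t)n;
    if (fwrite(&l, sizeof l, 1, f) != 1) return -1;
    return (n == 0 || fwrite(p, 1, n, f) == n) ? 0 : -1;
}
static int get_blob(FILE *f, char **p, size_t *n) {
    uint32_t l;
    if (fread(&l, sizeof l, 1, f) != 1 || l > (1u << 20)) return -1; /* bound the untrusted length */
    if ((*p = malloc((size_t)l + 1)) == NULL) return -1;
    if (fread(*p, 1, l, f) != l) { free(*p); *p = NULL; return -1; }
    (*p)[l] = '\0'; *n = l;
    return 0;
}
/* Listener side: write every captured include into the re-exec state stream. */
int marshal_includes(FILE *f, const struct include_entry *e, size_t count) {
    uint32_t c = (uint32_t)count;
    if (fwrite(&c, sizeof c, 1, f) != 1) return -1;
    for (size_t i = 0; i < count; i++)
        if (put_blob(f, e[i].path, strlen(e[i].path)) || put_blob(f, e[i].text, e[i].len)) return -1;
    return fflush(f) == 0 ? 0 : -1;
}
/* Re-executed child: rebuild the list from the stream without touching the filesystem. */
int demarshal_includes(FILE *f, struct include_entry **out, size_t *count) {
    uint32_t c; size_t plen;
    if (fread(&c, sizeof c, 1, f) != 1 || c > 256) return -1;
    if ((*out = calloc(c ? c : 1, sizeof **out)) == NULL) return -1;
    for (uint32_t i = 0; i < c; i++)
        if (get_blob(f, &(*out)[i].path, &plen) || get_blob(f, &(*out)[i].text, &(*out)[i].len)) return -1;
    *count = c;
    return 0;
}
/* Round-trip two constructed includes through a pipe, as the listener -> child handoff would. */
int rexec_roundtrip(void) {
    struct include_entry in[2] = { {"/etc/ssh/sshd_config.d/10-auth.conf", "PasswordAuthentication no\n", 26},
                                   {"/etc/ssh/sshd_config.d/20-empty.conf", "", 0} };
    struct include_entry *got; size_t n; int fds[2];
    if (pipe(fds) != 0) return -1;
    FILE *w = fdopen(fds[1], "w"), *r = fdopen(fds[0], "r");
    if (w == NULL || r == NULL || marshal_includes(w, in, 2) != 0 || fclose(w) != 0) return -1;
    if (demarshal_includes(r, &got, &n) != 0 || n != 2 || fclose(r) != 0) return -1;
    return (strcmp(got[0].path, in[0].path) == 0 && strcmp(got[0].text, in[0].text) == 0 && got[1].len == 0) ? 0 : -1;
}
```

In a real re-exec the write end would be held by the listener and the read end inherited by the execve'd child; the zero-length entry shows that an empty included file still round-trips.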
