[Bug 3855] sshd-auth sandbox limitations
bugzilla-daemon at mindrot.org
Fri Aug 29 09:55:11 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3855
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Some other alternatives:
1. Ask the WolfSSL developers if there is any way to get the library to
preopen the file descriptors before the sandbox is applied.
2. Soft-deny all __NR_open syscalls in the sandbox. This will cause
open() to fail with an error but won't result in a process-killing
sandbox violation. You'd need to get a guarantee from the WolfSSL
developers that their library will perform safely in this situation.
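The soft-deny approach in alternative 2, as an added example that is not part of the original comment or OpenSSH's own sandbox code: a Linux seccomp-bpf filter that makes open()/openat() fail with EACCES via SECCOMP_RET_ERRNO instead of killing the process. The function names, the choice of EACCES and the allow-everything-else default are assumptions made for the demonstration; a production filter also checks seccomp_data.arch and ends in a kill action.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fail syscall nr with errno e instead of killing the process. */
#define SOFT_DENY(nr, e) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (e))

static int install_soft_deny_open(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_open
        SOFT_DENY(__NR_open, EACCES),
#endif
        SOFT_DENY(__NR_openat, EACCES),   /* glibc open() uses openat */
        /* Demo only: allow the rest. A real sandbox ends in a kill action. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(insns) / sizeof(insns[0]), .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Returns 0 if open() failed with EACCES, 1 if it succeeded, 2 on another errno, 3 if no filter. */
int open_result_under_soft_deny(void)
{
    int status;
    pid_t pid = fork();          /* sandbox a child so the caller stays unfiltered */
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (install_soft_deny_open() == -1)
            _exit(3);
        int fd = open("/dev/null", O_RDONLY);
        _exit(fd >= 0 ? 1 : (errno == EACCES ? 0 : 2));
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;               /* child was killed or wait failed */
    return WEXITSTATUS(status);
}
```

The child exits normally after the denied open(), which is the behaviour a library would have to handle safely: it sees an ordinary error return rather than a sandbox violation.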