On Wed, Jun 26, 2002 at 11:26:31PM +0100, Tony Finch wrote:
> When the unprivileged child has chrooted it can no longer open
> /etc/resolv.conf, so if the resolver hasn't yet initialized itself then
> dns lookups will not be possible. This is unfortunately what normally
> happens, but sshd falls back gracefully.
can you try this?
Index: sshd.c
==================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.253
diff -u -r1.253 sshd.c
--- sshd.c 28 Jun 2002 23:05:06 -0000 1.253
+++ sshd.c 29 Jun 2002 19:38:40 -0000
@@ -49,6 +49,8 @@
#include <openssl/md5.h>
#include <openssl/rand.h>
+#include <resolv.h>
+
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
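Review bot: the added #include <resolv.h> sits directly after the openssl headers, and none of its prerequisite headers are visible in this hunk. resolver(3) lists <sys/types.h>, <netinet/in.h> and <arpa/nameser.h> as required before <resolv.h>. Please confirm they are already pulled in earlier in sshd.c, or include them explicitly ahead of this line.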
@@ -1363,6 +1365,15 @@
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
sizeof(on)) < 0)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
+ /*
+ * Initialize the resolver. This may not happen automatically
+ * before privsep chroot().
+ */
+ if ((_res.options & RES_INIT) == 0) {
+ debug("res_init()");
+ res_init();
+ }
/*
* Register our connection. This turns encryption off because we do
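Review bot: the return value of res_init() in the added block is ignored, so a failed initialization passes silently while debug("res_init()") reads as though it succeeded. res_init() returns -1 on failure; suggest checking it and logging the failure, for example if (res_init() == -1) error("res_init failed"). The added comment also says this must run before the privsep chroot(), but the visible context (the SO_KEEPALIVE setsockopt above, connection registration below) does not show where the chroot happens, so the comment should name the call it has to precede.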