similar to: [Bug 2140] New: Capsicum support for FreeBSD 10 (-current)

https://bugzilla.mindrot.org/show_bug.cgi?id=2142 Bug ID: 2142 Summary: openssh sandboxing using libseccomp Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

https://bugzilla.mindrot.org/show_bug.cgi?id=1949 Bug #: 1949 Summary: PermitOpen none option Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: OpenBSD Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=2163 Bug ID: 2163 Summary: unchecked returned value from pam_get_item() Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: PAM support Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2021 Loganaden Velvindron <loganaden at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2199|0 |1 is obsolete| | --- Comment #12 from Loganaden Velvindron

https://bugzilla.mindrot.org/show_bug.cgi?id=1961 Bug #: 1961 Summary: ECDSA memory leak Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=1956 Bug #: 1956 Summary: sftp segfaults in parse_args() when argv[0] is NULL Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp

https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Bug ID: 2170 Summary: Potential integer overflow Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2197 Bug ID: 2197 Summary: Add ED25519 support to SSHFP dns record Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2021 --- Comment #3 from Loganaden Velvindron <loganaden at gmail.com> --- ping :-) ? -- You are receiving this mail because: You are watching the assignee of the bug.

Ajay Ramjatan asks if it would be ok to have: A config file that contains list of DSA/RSA/ED25519 entries to be added, when run by default. Currently According to the man page: " Alternative file names can be given on the command line. If any file requires a passphrase, ssh-add asks for the passphrase from the user. " Instead of specifying each key file, a single file such as .config

https://bugzilla.mindrot.org/show_bug.cgi?id=2021 Bug #: 2021 Summary: sftp resume support (using size and offset) Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sftp

on FreeBSD, gcc complains that %d is used for sig_atomic_t Casting to (int) as a solution ? Index: serverloop.c =================================================================== RCS file: /cvs/openssh/serverloop.c,v retrieving revision 1.172 diff -u -p -r1.172 serverloop.c --- serverloop.c 2 Dec 2012 22:50:55 -0000 1.172 +++ serverloop.c 4 Dec 2012 11:46:33 -0000 @@ -708,7 +708,7 @@

Hi All, I've been working on a diff to get SSHFP support for ed25519 in OpenSSH. SM has been working through the IETF process to obtain the SSHFP RR Type number. Despite getting "rough consensus", we still haven't heard anything from the IETF Security Directors for the draft. SM sent a mail asking why it is taking so long, and it appears that his mail was ignored. Please see:

When doing a make with the portable developer version, I came across this error: ssh/ssh_host_ecdsa_key|/opt/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/opt/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/opt/etc/ssh_host_rsa_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/opt/etc/moduli|g' -e

FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> a few years ago to avoid future conflicts with POSIX capabilities. There is still a stub for compatibility, but it would be better not to rely on it. DES -- Dag-Erling Sm?rgrav - des at des.no -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-capsicum_h.diff Type: text/x-patch

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

> > Message: 8 > Date: Tue, 30 Jul 2013 12:46:50 -0700 > From: Iain Morgan <imorgan at nas.nasa.gov> > To: Damien Miller <djm at mindrot.org> > Cc: "openssh-unix-dev at mindrot.org" <openssh-unix-dev at mindrot.org> > Subject: Re: Call for testing: OpenSSH-6.3 > Message-ID: <20130730194649.GC18047 at linux124.nas.nasa.gov> >

https://bugzilla.mindrot.org/show_bug.cgi?id=2143 Bug ID: 2143 Summary: X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface Product: Portable OpenSSH Version: 5.3p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1962 Bug #: 1962 Summary: command buffer struct is not freed before exit() Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: ssh