Hi, I found that sandbox-systrace.c needs mquery() to work with
"UsePrivilegeSeparation sandbox".

The change below may be related:
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/malloc.c.diff?r1=1.143;r2=1.144;sortby=date

Anyway, adding mquery() to sandbox-systrace.c works on my system.
Thank you.

--- /usr/src/usr.bin/ssh/sandbox-systrace.c Fri Jul 29 22:42:45 2011
+++ sandbox-systrace.c Tue Jun 26 16:31:37 2012
@@ -45,6 +45,7 @@
 /* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL
*/
 static const struct sandbox_policy preauth_policy[] = {
  { SYS_open, SYSTR_POLICY_NEVER },
+ { SYS_mquery, SYSTR_POLICY_NEVER },

  { SYS___sysctl, SYSTR_POLICY_PERMIT },
  { SYS_close, SYSTR_POLICY_PERMIT },
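
Review bot: The added SYS_mquery entry, placed directly under SYS_open, carries no comment saying why it is listed or why it gets SYSTR_POLICY_NEVER rather than SYSTR_POLICY_PERMIT. Per the comment at the top of the table, an unlisted syscall gets SYSTR_POLICY_KILL, so this line changes mquery from killing the preauth child to refusing the call. Please add a short comment naming the caller that issues mquery in preauth, and confirm that the caller tolerates the refusal, since the policy only stays this narrow if it does.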


2012/6/25 Fred Crowson <[email protected]>

> On 25 June 2012 12:41, johnw <[email protected]> wrote:
> > I changed "UsePrivilegeSeparation sandbox" to "UsePrivilegeSeparation yes",
> > then I can log in now.
> > Maybe the sandbox feature has something broken.
> > Thank you.
>
> The following article gives some more information on the sandbox function:
>
> http://www.undeadly.org/cgi?action=article&sid=20110721123003
>
> hth
>
> Fred
