[Bug 2511] New: Drop fine-grained privileges on Illumos/Solaris

bugzilla-daemon Sun, 29 Nov 2015 14:55:34 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=2511


            Bug ID: 2511
           Summary: Drop fine-grained privileges on Illumos/Solaris
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: Other
                OS: Solaris
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 2761
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2761&action=edit
patch

On Illumos/Solaris we can drop fine-grained privileges using setppriv,
both for the sshd sandbox and also where appropriate in other utilities
like sftp-server and ssh-agent. This has a lot of cross-over with work
to add pledge(2) calls to OpenSSH code.

Entering this bug against sshd, since the sandbox component of this is
almost certainly the most important from a security perspective.

Discussed on mailinglist (openssh-unix-dev) thread on 12 Nov 2015.
Attached patch was against openssh-portable at 3ddd15e (Darren Tucker:
Add a null implementation of pledge.)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2511] New: Drop fine-grained privileges on Illumos/Solaris

Reply via email to