https://bugzilla.mindrot.org/show_bug.cgi?id=3855
Damien Miller <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Damien Miller <[email protected]> ---
Moving the privsep_child_demote() to after do_authentication2() not only
disables the sandbox (sshd-auth exits after authentication completes), but
disables all privilege-reduction that it performs. You're much better off
just disabling sandboxing at compile time.

Wrt enabling opening /dev/random, unfortunately it's not possible using the
seccomp sandbox without also allowing open() of any file. The problem is
that the seccomp bpf filters cannot inspect pointer arguments, including
file paths. Therefore the only option would be to allow all __NR_open
syscalls, which would significantly weaken the sandbox.

AFAIK all other libcrypto libraries have long since moved to use the
getrandom(2) syscall which is much easier to allowlist. AFAIK BoringSSL's
FIPS libcrypto uses getrandom(2).

--
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
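To illustrate the point made in the comment above, here is an added example (my own construction, not code from OpenSSH or from this bug) of a seccomp-bpf allowlist that admits getrandom(2) only with flags == 0 and denies every other syscall, openat(2) included. It runs the filter through a small userspace interpreter of the three classic-BPF opcodes it uses instead of installing it with prctl(2), so it can be exercised safely; `filter`, `run_filter()` and `decide()` are assumed names, and a production filter would additionally check seccomp_data.arch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#define DENY_EPERM (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* The program sees only seccomp_data: syscall number plus raw argument words.
   getrandom's flags is a scalar it can test; openat's path argument is only a
   pointer value, so the filter can never see which file is being opened. */
static const struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getrandom, 0, 3),
    /* getrandom(buf, len, flags): low 32 bits of args[2] on little-endian */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, DENY_EPERM),   /* everything else, openat too */
};

/* Toy interpreter for the opcodes above; jump targets are relative to the
   next instruction, as in the kernel's classic BPF. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
                           const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&acc, (const uint8_t *)sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL;   /* opcode not modelled by this toy VM */
        }
    }
    return SECCOMP_RET_KILL;
}

/* Decide one syscall (nr, first three args) the way the kernel would. */
uint32_t decide(int nr, uint64_t a0, uint64_t a1, uint64_t a2)
{
    struct seccomp_data sd = { .nr = nr };
    sd.args[0] = a0; sd.args[1] = a1; sd.args[2] = a2;
    return run_filter(filter, sizeof filter / sizeof filter[0], &sd);
}
```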
