https://bugzilla.mindrot.org/show_bug.cgi?id=3855
--- Comment #3 from Damien Miller <[email protected]> --- Some other alternatives: 1. Ask the WolfSSL developers if there is any way to get the library to preopen the file descriptors before the sandbox is applied. 2. Soft-deny all __NR_open syscalls in the sandbox. This will case open() to faill with an error but won't result in a process-killing sandbox violation. You'd need to get a guarantee from the WolfSSL developers that their library will perform safely in this situation. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
