Thus said Theo de Raadt on Wed, 30 Nov 2022 19:44:09 -0700:
> It makes ssh safer for people who don't use the fancy features,
> because the ssh client cannot perform a vast number of system calls if
> it gets fooled.
Got it, makes sense now; and as you say my understanding was backwards.
On Wed, 30 Nov 2022, Theo de Raadt wrote:
> >> It allows a much tighter pledge in the client, so less attack surface
> >> against a bad server.
> >
> >So it's to prevent a malicious SSH server from exploiting a client who
> >choses to use ~C to open up the ssh> prompt and create or destro
>> It allows a much tighter pledge in the client, so less attack surface
>> against a bad server.
>
>So it's to prevent a malicious SSH server from exploiting a client who
>choses to use ~C to open up the ssh> prompt and create or destroy
>tunnels?
No.
It makes ssh safer for people who
Thus said Stuart Henderson on Wed, 30 Nov 2022 16:13:36 +:
> It allows a much tighter pledge in the client, so less attack surface
> against a bad server.
So it's to prevent a malicious SSH server from exploiting a client who
choses to use ~C to open up the ssh> prompt and create or
On 2022/11/30 08:53, Andy Bradford wrote:
> Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
>
> > A new "enablecommandline" configuration option re-enables those
> > particular features, and the diff later on will show why we feel these
> > features should be optional.
>
> Gl
Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
> A new "enablecommandline" configuration option re-enables those
> particular features, and the diff later on will show why we feel these
> features should be optional.
Glad that the option is being retained as optional bu
> I noticed that ~C stopped working in my -current, from last Saturday,
> holding the message "commandline disabled". The rest of the ~-escapes
> work tho, and ~C is no longer present in ~?. Went to check the code,
> currenlty sitting on Git commit e0b284df3ba7772329d85f200545e3bc5a84d54e
> only to
Hi tech@,
I noticed that ~C stopped working in my -current, from last Saturday,
holding the message "commandline disabled". The rest of the ~-escapes
work tho, and ~C is no longer present in ~?. Went to check the code,
currenlty sitting on Git commit e0b284df3ba7772329d85f200545e3bc5a84d54e
only t