diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-10-14 03:57:50 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-10-14 05:01:37 +0200 |
| commit | 6072e4c9385713e9c166f32cfca6a7e603d4f0b8 (patch) | |
| tree | ea07b20ea04f48014ec2b958b432e3b6fc0b3b18 /ssh-sandbox.h | |
| parent | upstream: don't start the ObscureKeystrokeTiming mitigations if (diff) | |
| download | openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.tar.xz openssh-6072e4c9385713e9c166f32cfca6a7e603d4f0b8.zip | |
upstream: Split per-connection sshd-session binary
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.
Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.
Joint work with markus@ feedback deraadt@
Tested in snaps since last week
OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
Diffstat (limited to 'ssh-sandbox.h')
| -rw-r--r-- | ssh-sandbox.h | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/ssh-sandbox.h b/ssh-sandbox.h index bd5fd8372..3b7484026 100644 --- a/ssh-sandbox.h +++ b/ssh-sandbox.h @@ -20,5 +20,3 @@ struct ssh_sandbox; struct ssh_sandbox *ssh_sandbox_init(struct monitor *); void ssh_sandbox_child(struct ssh_sandbox *); -void ssh_sandbox_parent_finish(struct ssh_sandbox *); -void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); |