diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2024-06-27 23:01:16 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2024-06-27 23:01:16 +0000 |
commit | f51499360d107b1cafb5a1abf36628b73502a836 (patch) | |
tree | 2a5fdd651e49797a8fd29b5987c47e54a4f629b8 /usr.bin/ssh | |
parent | d2e45c17f2757d7781e0e192828e26f29df273de (diff) |
delete obsolete comment
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/sshd.c | 22 |
1 files changed, 2 insertions, 20 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index e74e03323cd..64d0d0d752e 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.608 2024/06/26 23:47:46 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.609 2024/06/27 23:01:15 djm Exp $ */ /* * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. * Copyright (c) 2002 Niels Provos. All rights reserved. @@ -369,25 +369,7 @@ child_reap(struct early_child *child) break; } } - /* - * XXX would be nice to have more subtlety here. - * - Different penalties - * a) authentication failures without success (e.g. brute force) - * b) login grace exceeded (penalise DoS) - * c) monitor crash (penalise exploit attempt) - * d) unpriv preauth crash (penalise exploit attempt) - * - Unpriv auth exit status/WIFSIGNALLED is not available because - * the "mm_request_receive: monitor fd closed" fatal kills the - * monitor before waitpid() can occur. It would be good to use the - * unpriv exit status to detect crashes. - * - * For now, just penalise (a), (b) and (c), since that is what we have - * readily available. The authentication failures detection cannot - * discern between failed authentication and other connection problems - * until we have the unpriv exist status plumbed through (and the unpriv - * child modified to use a different exit status when auth has been - * attempted), but it's a start. - */ + if (child->have_addr) srclimit_penalise(&child->addr, penalty_type); |