Age | Commit message | Author | |
---|---|---|---|
2011-06-23 | ignore EINTR errors from poll() | Damien Miller | |
2011-06-23 | rename sandbox.h => ssh-sandbox.h to make things easier for portable | Damien Miller | |
2011-06-22 | $OpenBSD$ makers | Damien Miller | |
2011-06-22 | hook up a channel confirm callback to warn the user when requested X11 forwarding was refused by the server; ok markus@ | Damien Miller | |
2011-06-22 | introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@ | Damien Miller | |
2011-06-22 | reuse the multistate option arrays to pretty-print options for "sshd -T" | Damien Miller | |
2011-06-17 | setproctitle for a mux master that has been gracefully stopped; bz#1911 from Bert.Wesarg AT googlemail.com | Damien Miller | |
2011-06-17 | factor out multi-choice option parsing into a parse_multistate label and some support structures; ok dtucker@ | Damien Miller | |
2011-06-17 | the protocol version should be unsigned; bz#1913 reported by mb AT smartftp.com | Damien Miller | |
2011-06-17 | make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ | Damien Miller | |
2011-06-14 | make sure key_parse_public/private_rsa1() no longer consumes its input buffer. fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@ | Markus Friedl | |
2011-06-04 | explain IdentityFile's semantics a little better, prompted by bz#1898 ok dtucker jmc | Damien Miller | |
2011-06-03 | Check current parent process ID against saved one to determine if the parent has exited, rather than attempting to send a zero signal, since the latter won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn Gillmor, ok djm@ | Darren Tucker | |
2011-06-03 | bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg AT googlemail.com; ok dtucker@ | Damien Miller | |
2011-05-24 | Remove undocumented legacy options UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile accept multiple paths per line and making their defaults include known_hosts2; ok markus | Damien Miller | |
2011-05-23 | read in key comments for v.2 keys (though note that these are not passed over the agent protocol); bz#439, based on patch from binder AT arago.de; ok markus@ | Damien Miller | |
2011-05-23 | tweak previous; ok djm | Jason McIntyre | |
2011-05-23 | remove extra newline | Damien Miller | |
2011-05-23 | make secure_filename() spam debug logs less | Damien Miller | |
2011-05-23 | allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entirely :) feedback and ok markus@ dtucker@ | Damien Miller | |
2011-05-20 | use a macro to define which string options to copy between configs for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@ | Damien Miller | |
2011-05-20 | Add comment documenting what should be after the preauth check. ok djm | Darren Tucker | |
2011-05-20 | the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile and AuthorizedPrincipalsFile were not being correctly applied in Match blocks, despite being overridable there; ok dtucker@ | Damien Miller | |
2011-05-17 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :) | Damien Miller | |
2011-05-15 | use FD_CLOEXEC consistently; patch from zion AT x96.org | Damien Miller | |
2011-05-13 | warn on unexpected key type in key_parse_private_type() | Damien Miller | |
2011-05-11 | remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@ | Damien Miller | |
2011-05-10 | despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@ | Damien Miller | |
2011-05-08 | improve our behaviour when TTY allocation fails: if we are in RequestTTY=auto mode (the default), then do not treat a TTY allocation error as fatal but rather just restore the local TTY to cooked mode and continue. This is more graceful on devices that never allocate TTYs. If RequestTTY is set to "yes" or "force", then failure to allocate a TTY is fatal. ok markus@ | Damien Miller | |
2011-05-07 | +.It RequestTTY | Jason McIntyre | |
2011-05-07 | - tweak previous - some consistency fixes ok djm | Jason McIntyre | |
2011-05-06 | fix numbering; from bert.wesarg AT googlemail.com | Damien Miller | |
2011-05-06 | fix dropping from previous diff | Damien Miller | |
2011-05-06 | Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@ | Damien Miller | |
2011-05-06 | support negated Host matching, e.g. Host *.example.org !c.example.org User mekmitasdigoat Will match "a.example.org", "b.example.org", but not "c.example.org" ok markus@ | Damien Miller | |
2011-05-06 | add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@ | Damien Miller | |
2011-05-06 | set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@ | Damien Miller | |
2011-05-06 | fix memory leak; bz#1849 ok dtucker@ | Damien Miller | |
2011-05-06 | mention that IPv6 addresses must be enclosed in square brackets; bz#1845 | Damien Miller | |
2011-05-06 | clarify language about overriding defaults. bz#1892, from Petr Cerny | Darren Tucker | |
2011-05-05 | gracefully fall back when ControlPath is too large for a sockaddr_un. ok markus@ as part of a larger diff | Damien Miller | |
2011-05-04 | allow "ssh-add - < key"; feedback and ok markus@ | Damien Miller | |
2011-04-25 | linting this library is not helping anything | Theo de Raadt | |
2011-04-18 | certificate options are supposed to be packed in lexical order of option name (though we don't actually enforce this at present). Move one up that was out of sequence | Damien Miller | |
2011-04-18 | tweak previous; | Jason McIntyre | |
2011-04-17 | allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@ | Damien Miller | |
2011-04-13 | mention valid -b sizes for ECDSA keys; bz#1862 | Damien Miller | |
2011-04-13 | improve wording; bz#1861 | Damien Miller | |
2011-04-12 | exit with 0 status on SIGTERM; bz#1879 | Damien Miller | |
2011-04-12 | fix -Wshadow | Damien Miller | |