https://bugzilla.mindrot.org/show_bug.cgi?id=2752
--- Comment #7 from Damien Miller <[email protected]> ---
I've committed the getuid patch.

wrt the remaining patches:

There isn't much point in permitting flock() - the process is in a chroot environment and all fs operations should fail here. Could we SC_DENY it with ENOENT or EACCES instead?

The ipc(2) syscall is much too broad to allow in a sandbox - it includes a number of capabilities that could be used for sandbox escape. Is there a safe subset that could be enabled?

Is there any documentation on the ZSENDEP11CPRB ioctl?
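The deny-with-errno approach raised in the comment above, as an added example that is not part of the original message and is not OpenSSH's code: a minimal Linux seccomp-bpf filter that makes flock() fail with EACCES instead of permitting it. The `DENY_ERRNO` macro and `flock_errno_under_filter` function are names made up for this sketch, and the allow-by-default tail is an assumption chosen only to keep the demo short.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/file.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Example-only macro (hypothetical name): fail syscall `nr` with errno `err`. */
#define DENY_ERRNO(nr, err) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ((err) & SECCOMP_RET_DATA))

static struct sock_filter rules[] = {
    /* Load the syscall number. A production filter validates
     * seccomp_data.arch first; omitted here for portability of the demo. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    DENY_ERRNO(__NR_flock, EACCES),
    /* Demo default is allow; a real sandbox kills by default and
     * lists only the syscalls it needs. */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Runs flock() in a filtered child. Returns the errno the child saw,
 * 0 if flock() succeeded, or -1 if the filter could not be installed. */
int flock_errno_under_filter(void)
{
    struct sock_fprog prog = { .len = sizeof(rules) / sizeof(rules[0]), .filter = rules };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
            _exit(255);
        /* The filter decides before the kernel touches the descriptor. */
        int rc = flock(STDIN_FILENO, LOCK_SH | LOCK_NB);
        _exit(rc == -1 ? errno : 0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("flock() under filter: errno=%d\n", flock_errno_under_filter());
    return 0;
}
```

Because the caller sees an ordinary error return rather than a signal, library code that opportunistically calls flock() keeps running while the lock itself is never taken.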
