Date: Wed, 24 Jul 2002 21:18:01 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Tony Finch <dot@dotat.at>
Cc: des@freebsd.org, dinoex@freebsd.org, freebsd-security@freebsd.org
Subject: Re: sshd privsep dns lookup bug
Message-ID: <20020724181801.GB31448@straylight.oblivion.bg>
In-Reply-To: <20020724163447.B8886@chiark.greenend.org.uk>
References: <20020724163447.B8886@chiark.greenend.org.uk>

On Wed, Jul 24, 2002 at 04:34:47PM +0100, Tony Finch wrote:
> The call to get_canonical_hostname() at line 145 of the FreeBSD version
> of openssh-portable causes problems with privilege separation. It happens
> to be the first call to the resolver, but because the code is running
> chrooted at that point, it cannot read /etc/resolv.conf so fails to
> initialize itself correctly. This causes the DNS lookup to fail, and
> in some configurations to hang for half a minute.

I believe this has been pointed out several times, including on this list,
and there is nothing stopping you from installing the system's resolv.conf
into the /var/empty/etc/ directory, right? :)

Okay, so maybe it should be documented somewhere..

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If there were no counterfactuals, this sentence would not have been paradoxical.