Date: Wed, 24 Jul 2002 16:34:47 +0100
From: Tony Finch <dot@dotat.at>
To: des@freebsd.org, dinoex@freebsd.org
Cc: dot@dotat.at, freebsd-security@freebsd.org
Subject: sshd privsep dns lookup bug
Message-ID: <20020724163447.B8886@chiark.greenend.org.uk>

The call to get_canonical_hostname() at line 145 of the FreeBSD version
of openssh-portable causes problems with privilege separation. It
happens to be the first call to the resolver, but because the code is
running chrooted at that point, it cannot read /etc/resolv.conf so fails
to initialize itself correctly. This causes the DNS lookup to fail, and
in some configurations to hang for half a minute.

Tony.
--
f.a.n.finch <dot@dotat.at> http://dotat.at/
BISCAY: WESTERLY 3 OR 4. DRIZZLE AT FIRST, AND AGAIN LATER. MODERATE OR
GOOD, BUT POOR IN DRIZZLE.