Hi! I was looking at the openssh seccomp filter and I was curious why is shutdown is allowed in the whitelist? I've been doing an analysis on the openssh code and the callpaths I find which call shutdown have the form: main->do_authenticated->server_loop2->channel_after_select->channel_handler->channel_post_mux_client->read_mux->chan_read_failed->chan_shutdown_read->shutdown However, isn't do_authenticated handled in the parent process which isn't sandboxed? I might be gravely mistaken here so my apologies if I'm wrong. Regards, Shankara Pailoor _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
