nebula

mirror of https://github.com/slackhq/nebula.git synced 2026-04-17 17:31:07 +00:00

History

Jay R. Wren f8587956ba add sshd.sandbox_dir config option (#1622 ) * add sshd.sandbox_dir config option Sanitize SSH profile paths (ssh.go:514,683,719) — restrict os.Create(a[0]) to a safe directory. Add a config option in the config file to specify the sandbox directory. For backwards compatibility, if the config is not specified, keep the current behavior. * update default and example * use os.TempDir() for sshd.sandbox_dir default * split sandbox path validation into separate conditionals Separate the combined && check in sshSanitizeFilePath into two distinct conditionals with specific error messages: one for paths resolving to the sandbox directory itself, and one for paths outside the sandbox. Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix: trim leading zeros from p256 signature swap result bigmod.Nat.Bytes() returns fixed-size 32-byte slices, but ASN.1 INTEGER parsing strips leading zeros. This caused a flaky test failure (~1/256 chance) when the S value's high byte was zero. Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> --------- Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>		2026-04-03 09:37:18 -04:00
..
go_service	Allow configuration of logger and build version in gvisor service library (#1239 )	2025-04-21 13:45:59 -04:00
service_scripts	Create service script for open-rc (#711 )	2024-04-30 09:53:00 -04:00
config.yml	add sshd.sandbox_dir config option (#1622 )	2026-04-03 09:37:18 -04:00