nebula

personal_interest_mirrors/nebula

Fork 0

mirror of https://github.com/slackhq/nebula.git synced 2026-05-16 12:57:38 +02:00

Commit Graph

Author	SHA1	Message	Date
Jay R. Wren	f8587956ba	add sshd.sandbox_dir config option (#1622 ) * add sshd.sandbox_dir config option Sanitize SSH profile paths (ssh.go:514,683,719) — restrict os.Create(a[0]) to a safe directory. Add a config option in the config file to specify the sandbox directory. For backwards compatibility, if the config is not specified, keep the current behavior. * update default and example * use os.TempDir() for sshd.sandbox_dir default * split sandbox path validation into separate conditionals Separate the combined && check in sshSanitizeFilePath into two distinct conditionals with specific error messages: one for paths resolving to the sandbox directory itself, and one for paths outside the sandbox. Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix: trim leading zeros from p256 signature swap result bigmod.Nat.Bytes() returns fixed-size 32-byte slices, but ASN.1 INTEGER parsing strips leading zeros. This caused a flaky test failure (~1/256 chance) when the S value's high byte was zero. Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> --------- Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>	2026-04-03 09:37:18 -04:00
Jack Doan	f573e8a266	Merge commit from fork Some checks failed gofmt / Run gofmt (push) Failing after 3s Details smoke-extra / Run extra smoke tests (push) Failing after 2s Details smoke / Run multi node smoke test (push) Failing after 3s Details Build and test / Build all and test on ubuntu-linux (push) Failing after 2s Details Build and test / Build and test on linux with boringcrypto (push) Failing after 3s Details Build and test / Build and test on linux with pkcs11 (push) Failing after 2s Details Build and test / Build and test on macos-latest (push) Has been cancelled Details Build and test / Build and test on windows-latest (push) Has been cancelled Details Newly signed P256 based certificates will have their signature clamped to the low-s form. Update CHANGELOG.md	2026-02-06 14:26:51 -05:00

Author

SHA1

Message

Date

Jay R. Wren

f8587956ba

add sshd.sandbox_dir config option (#1622 )

* add sshd.sandbox_dir config option

Sanitize SSH profile paths (ssh.go:514,683,719) — restrict os.Create(a[0]) to a safe directory.
Add a config option in the config file to specify the sandbox directory. For backwards compatibility, if the config is not specified, keep the current behavior.

* update default and example

* use os.TempDir() for sshd.sandbox_dir default

* split sandbox path validation into separate conditionals

Separate the combined && check in sshSanitizeFilePath into two distinct
conditionals with specific error messages: one for paths resolving to the
sandbox directory itself, and one for paths outside the sandbox.

Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>

* fix: trim leading zeros from p256 signature swap result

bigmod.Nat.Bytes() returns fixed-size 32-byte slices, but ASN.1 INTEGER
parsing strips leading zeros. This caused a flaky test failure (~1/256
chance) when the S value's high byte was zero.

Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>

---------

Co-authored-by: Claude <svc-devxp-claude@slack-corp.com>

2026-04-03 09:37:18 -04:00

Jack Doan

f573e8a266

Merge commit from fork

gofmt / Run gofmt (push) Failing after 3s

Details

smoke-extra / Run extra smoke tests (push) Failing after 2s

Details

smoke / Run multi node smoke test (push) Failing after 3s

Details

Build and test / Build all and test on ubuntu-linux (push) Failing after 2s

Details

Build and test / Build and test on linux with boringcrypto (push) Failing after 3s

Details

Build and test / Build and test on linux with pkcs11 (push) Failing after 2s

Details

Build and test / Build and test on macos-latest (push) Has been cancelled

Details

Build and test / Build and test on windows-latest (push) Has been cancelled

Details

Newly signed P256 based certificates will have their signature clamped to the low-s form.

Update CHANGELOG.md

2026-02-06 14:26:51 -05:00

2 Commits