there's only one sandbox, move to a static global

author Damien Miller <djm@mindrot.org>

Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)

committer Damien Miller <djm@mindrot.org>

Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)
author Damien Miller <djm@mindrot.org>
Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)
committer Damien Miller <djm@mindrot.org>
Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)
diff --git a/sshd-auth.c b/sshd-auth.c

index 5774706763bea8618ea7a8771224aa6f04ca7261..52bbd0b9ae8cfeb8627e0aab3cf72b9abac3db0f 100644 (file)
--- a/sshd-auth.c
+++ b/sshd-auth.c
@@ -163,6 +163,10 @@ static void do_ssh2_kex(struct ssh *);
  /* Unprivileged user */
  struct passwd *privsep_pw = NULL;
  
+#ifndef HAVE_PLEDGE
+static struct ssh_sandbox *box;
+#endif
+
  /* XXX stub */
  int
  mm_is_monitor(void)
@@ -174,9 +178,8 @@ static void
  privsep_child_demote(void)
  {
         gid_t gidset[1];
-#ifndef HAVE_PLEDGE
-       struct ssh_sandbox *box = NULL;
  
+#ifndef HAVE_PLEDGE
         if ((box = ssh_sandbox_init(pmonitor)) == NULL)
                 fatal_f("ssh_sandbox_init failed");
  #endif
author	Damien Miller <djm@mindrot.org>
	Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)
committer	Damien Miller <djm@mindrot.org>
	Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)