Attachment 2155 Details for Bug 2011 – fixed strawman patch

[patch] fixed strawman patch

sandboxes-strawman.patch (text/plain), 19.66 KB, created by Colin Watson on 2012-05-19 03:40:45 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Colin Watson

Created: 2012-05-19 03:40:45 AEST

Size: 19.66 KB

patch

obsolete

>? sshd.trace
>Index: Makefile.in
>===================================================================
>RCS file: /cvs/openssh/Makefile.in,v
>retrieving revision 1.326
>diff -p -u -r1.326 Makefile.in
>--- Makefile.in	4 Apr 2012 01:27:57 -0000	1.326
>+++ Makefile.in	18 May 2012 17:39:29 -0000
>@@ -90,8 +90,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
> 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
> 	sftp-server.o sftp-common.o \
> 	roaming_common.o roaming_serv.o \
>-	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
>-	sandbox-seccomp-filter.o
>+	sandbox.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o \
>+	sandbox-darwin.o sandbox-seccomp-filter.o
> 
> MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
> MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
>Index: configure.ac
>===================================================================
>RCS file: /cvs/openssh/configure.ac,v
>retrieving revision 1.490
>diff -p -u -r1.490 configure.ac
>--- configure.ac	4 May 2012 01:05:45 -0000	1.490
>+++ configure.ac	18 May 2012 17:39:30 -0000
>@@ -126,25 +126,6 @@ AC_CHECK_DECL([SECCOMP_MODE_FILTER], [ha
> 	#include <linux/seccomp.h>
> ])
> fi
>-if test "x$have_seccomp_filter" = "x1" ; then
>-AC_MSG_CHECKING([kernel for seccomp_filter support])
>-AC_RUN_IFELSE([AC_LANG_PROGRAM([[
>-		#include <errno.h>
>-		#include <linux/seccomp.h>
>-		#include <stdlib.h>
>-		#include <sys/prctl.h>
>-	]],
>-	[[ errno = 0;
>-	   prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
>-	   exit(errno == EFAULT ? 0 : 1); ]])],
>-	[ AC_MSG_RESULT([yes]) ], [
>-		AC_MSG_RESULT([no])
>-		# Disable seccomp filter as a target
>-		have_seccomp_filter=0
>-	],
>-	[ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
>-)
>-fi
> 
> use_stack_protector=1
> AC_ARG_WITH([stackprotect],
>@@ -2575,21 +2556,24 @@ AC_ARG_WITH([sandbox],
> 		fi
> 	]
> )
>+SANDBOX_STYLE=""
> if test "x$sandbox_arg" = "xsystrace" || \
>    ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
> 	test "x$have_systr_policy_kill" != "x1" && \
> 		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
>-	SANDBOX_STYLE="systrace"
>+	SANDBOX_STYLE="$SANDBOX_STYLE systrace"
> 	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
>-elif test "x$sandbox_arg" = "xdarwin" || \
>+fi
>+if test "x$sandbox_arg" = "xdarwin" || \
>      ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
>        test "x$ac_cv_header_sandbox_h" = "xyes") ; then
> 	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
> 	     "x$ac_cv_header_sandbox_h" != "xyes" && \
> 		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
>-	SANDBOX_STYLE="darwin"
>+	SANDBOX_STYLE="$SANDBOX_STYLE darwin"
> 	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
>-elif test "x$sandbox_arg" = "xseccomp_filter" || \
>+fi
>+if test "x$sandbox_arg" = "xseccomp_filter" || \
>      ( test -z "$sandbox_arg" && \
>        test "x$have_seccomp_filter" == "x1" && \
>        test "x$ac_cv_header_linux_audit_h" = "xyes" && \
>@@ -2604,21 +2588,24 @@ elif test "x$sandbox_arg" = "xseccomp_fi
> 		AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
> 	test "x$ac_cv_func_prctl" != "xyes" && \
> 		AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
>-	SANDBOX_STYLE="seccomp_filter"
>+	SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter"
> 	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
>-elif test "x$sandbox_arg" = "xrlimit" || \
>+fi
>+if test "x$sandbox_arg" = "xrlimit" || \
>      ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
> 	test "x$ac_cv_func_setrlimit" != "xyes" && \
> 		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
>-	SANDBOX_STYLE="rlimit"
>+	SANDBOX_STYLE="$SANDBOX_STYLE rlimit"
> 	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
>-elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
>+fi
>+if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
>      test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
>-	SANDBOX_STYLE="none"
>-	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
>-else
>+	SANDBOX_STYLE="$SANDBOX_STYLE none"
>+fi
>+if test -z "$SANDBOX_STYLE" ; then
> 	AC_MSG_ERROR([unsupported --with-sandbox])
> fi
>+SANDBOX_STYLE="${SANDBOX_STYLE# }"
> 
> # Cheap hack to ensure NEWS-OS libraries are arranged right.
> if test ! -z "$SONY" ; then
>Index: sandbox-darwin.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-darwin.c,v
>retrieving revision 1.1
>diff -p -u -r1.1 sandbox-darwin.c
>--- sandbox-darwin.c	26 Jun 2011 21:18:21 -0000	1.1
>+++ sandbox-darwin.c	18 May 2012 17:39:30 -0000
>@@ -16,10 +16,12 @@
> 
> #include "includes.h"
> 
>-#ifdef SANDBOX_DARWIN
>-
> #include <sys/types.h>
> 
>+#include "ssh-sandbox.h"
>+
>+#ifdef SANDBOX_DARWIN
>+
> #include <sandbox.h>
> 
> #include <errno.h>
>@@ -30,7 +32,6 @@
> #include <unistd.h>
> 
> #include "log.h"
>-#include "sandbox.h"
> #include "xmalloc.h"
> 
> /* Darwin/OS X sandbox */
>@@ -39,8 +40,14 @@ struct ssh_sandbox {
> 	pid_t child_pid;
> };
> 
>-struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+static int
>+sandbox_darwin_probe(void)
>+{
>+	return 1;
>+}
>+
>+static void *
>+sandbox_darwin_init(void)
> {
> 	struct ssh_sandbox *box;
> 
>@@ -55,9 +62,10 @@ ssh_sandbox_init(void)
> 	return box;
> }
> 
>-void
>-ssh_sandbox_child(struct ssh_sandbox *box)
>+static void
>+sandbox_darwin_child(void *vbox)
> {
>+	struct ssh_sandbox *box = vbox;
> 	char *errmsg;
> 	struct rlimit rl_zero;
> 
>@@ -82,17 +90,39 @@ ssh_sandbox_child(struct ssh_sandbox *bo
> 			__func__, strerror(errno));
> }
> 
>-void
>-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+static void
>+sandbox_darwin_parent_finish(void *vbox)
> {
>-	free(box);
>+	free(vbox);
> 	debug3("%s: finished", __func__);
> }
> 
>-void
>-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+static void
>+sandbox_darwin_parent_preauth(void *box, pid_t child_pid)
> {
>+	struct ssh_sandbox *box = vbox;
>+
> 	box->child_pid = child_pid;
> }
>+
>+Sandbox ssh_sandbox_darwin = {
>+	"darwin",
>+	sandbox_darwin_probe,
>+	sandbox_darwin_init,
>+	sandbox_darwin_child,
>+	sandbox_darwin_parent_finish,
>+	sandbox_darwin_parent_preauth
>+};
>+
>+#else /* !SANDBOX_DARWIN */
>+
>+Sandbox ssh_sandbox_darwin = {
>+	"darwin",
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL
>+};
> 
> #endif /* SANDBOX_DARWIN */
>Index: sandbox-null.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-null.c,v
>retrieving revision 1.2
>diff -p -u -r1.2 sandbox-null.c
>--- sandbox-null.c	23 Jun 2011 09:45:51 -0000	1.2
>+++ sandbox-null.c	18 May 2012 17:39:30 -0000
>@@ -17,8 +17,6 @@
> 
> #include "includes.h"
> 
>-#ifdef SANDBOX_NULL
>-
> #include <sys/types.h>
> 
> #include <errno.h>
>@@ -38,8 +36,14 @@ struct ssh_sandbox {
> 	int junk;
> };
> 
>-struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+static int
>+sandbox_null_probe(void)
>+{
>+	return 1;
>+}
>+
>+static void *
>+sandbox_null_init(void)
> {
> 	struct ssh_sandbox *box;
> 
>@@ -51,22 +55,29 @@ ssh_sandbox_init(void)
> 	return box;
> }
> 
>-void
>-ssh_sandbox_child(struct ssh_sandbox *box)
>+static void
>+sandbox_null_child(void *vbox)
> {
> 	/* Nothing to do here */
> }
> 
>-void
>-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+static void
>+sandbox_null_parent_finish(void *vbox)
> {
>-	free(box);
>+	free(vbox);
> }
> 
>-void
>-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+static void
>+sandbox_null_parent_preauth(void *box, pid_t child_pid)
> {
> 	/* Nothing to do here */
> }
> 
>-#endif /* SANDBOX_NULL */
>+Sandbox ssh_sandbox_null = {
>+	"null",
>+	sandbox_null_probe,
>+	sandbox_null_init,
>+	sandbox_null_child,
>+	sandbox_null_parent_finish,
>+	sandbox_null_parent_preauth
>+};
>Index: sandbox-rlimit.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-rlimit.c,v
>retrieving revision 1.2
>diff -p -u -r1.2 sandbox-rlimit.c
>--- sandbox-rlimit.c	23 Jun 2011 09:45:51 -0000	1.2
>+++ sandbox-rlimit.c	18 May 2012 17:39:30 -0000
>@@ -17,9 +17,12 @@
> 
> #include "includes.h"
> 
>+#include <sys/types.h>
>+
>+#include "ssh-sandbox.h"
>+
> #ifdef SANDBOX_RLIMIT
> 
>-#include <sys/types.h>
> #include <sys/param.h>
> #include <sys/time.h>
> #include <sys/resource.h>
>@@ -32,7 +35,6 @@
> #include <unistd.h>
> 
> #include "log.h"
>-#include "ssh-sandbox.h"
> #include "xmalloc.h"
> 
> /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
>@@ -41,8 +43,14 @@ struct ssh_sandbox {
> 	pid_t child_pid;
> };
> 
>-struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+static int
>+sandbox_rlimit_probe(void)
>+{
>+	return 1;
>+}
>+
>+static void *
>+sandbox_rlimit_init(void)
> {
> 	struct ssh_sandbox *box;
> 
>@@ -57,8 +65,8 @@ ssh_sandbox_init(void)
> 	return box;
> }
> 
>-void
>-ssh_sandbox_child(struct ssh_sandbox *box)
>+static void
>+sandbox_rlimit_child(void *vbox)
> {
> 	struct rlimit rl_zero;
> 
>@@ -77,17 +85,39 @@ ssh_sandbox_child(struct ssh_sandbox *bo
> #endif
> }
> 
>-void
>-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+static void
>+sandbox_rlimit_parent_finish(void *vbox)
> {
>-	free(box);
>+	free(vbox);
> 	debug3("%s: finished", __func__);
> }
> 
>-void
>-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+static void
>+sandbox_rlimit_parent_preauth(void *vbox, pid_t child_pid)
> {
>+	struct ssh_sandbox *box = vbox;
>+
> 	box->child_pid = child_pid;
> }
>+
>+Sandbox ssh_sandbox_rlimit = {
>+	"rlimit",
>+	sandbox_rlimit_probe,
>+	sandbox_rlimit_init,
>+	sandbox_rlimit_child,
>+	sandbox_rlimit_parent_finish,
>+	sandbox_rlimit_parent_preauth
>+};
>+
>+#else /* !SANDBOX_RLIMIT */
>+
>+Sandbox ssh_sandbox_rlimit = {
>+	"rlimit",
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL
>+};
> 
> #endif /* SANDBOX_RLIMIT */
>Index: sandbox-seccomp-filter.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-seccomp-filter.c,v
>retrieving revision 1.1
>diff -p -u -r1.1 sandbox-seccomp-filter.c
>--- sandbox-seccomp-filter.c	4 Apr 2012 01:27:57 -0000	1.1
>+++ sandbox-seccomp-filter.c	18 May 2012 17:39:30 -0000
>@@ -35,11 +35,15 @@
> 
> #include "includes.h"
> 
>+#include <sys/types.h>
>+
>+#include "ssh-sandbox.h"
>+
> #ifdef SANDBOX_SECCOMP_FILTER
> 
>-#include <sys/types.h>
> #include <sys/resource.h>
> #include <sys/prctl.h>
>+#include <sys/wait.h>
> 
> #include <linux/audit.h>
> #include <linux/filter.h>
>@@ -57,7 +61,6 @@
> #include <unistd.h>
> 
> #include "log.h"
>-#include "ssh-sandbox.h"
> #include "xmalloc.h"
> 
> /* Linux seccomp_filter sandbox */
>@@ -122,8 +125,33 @@ struct ssh_sandbox {
> 	pid_t child_pid;
> };
> 
>-struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+static int
>+sandbox_seccomp_filter_probe(void)
>+{
>+	int status;
>+	pid_t pid;
>+
>+	pid = fork();
>+	if (pid == -1) {
>+		fatal("fork of seccomp_filter probe child failed");
>+	} else if (pid != 0) {
>+		/* parent */
>+		while (waitpid(pid, &status, 0) < 0) {
>+			if (errno == EINTR)
>+				continue;
>+			fatal("%s: waitpid: %s", __func__, strerror(errno));
>+		}
>+		return (WIFEXITED(status) && WEXITSTATUS(status) == 0);
>+	} else {
>+		/* child */
>+		errno = 0;
>+		prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
>+		_exit(errno == EFAULT ? 0 : 1);
>+	}
>+}
>+
>+static void *
>+sandbox_seccomp_filter_init(void)
> {
> 	struct ssh_sandbox *box;
> 
>@@ -143,7 +171,8 @@ extern struct monitor *pmonitor;
> void mm_log_handler(LogLevel level, const char *msg, void *ctx);
> 
> static void
>-ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context)
>+sandbox_seccomp_filter_violation(int signum, siginfo_t *info,
>+    void *void_context)
> {
> 	char msg[256];
> 
>@@ -155,7 +184,7 @@ ssh_sandbox_violation(int signum, siginf
> }
> 
> static void
>-ssh_sandbox_child_debugging(void)
>+sandbox_seccomp_filter_child_debugging(void)
> {
> 	struct sigaction act;
> 	sigset_t mask;
>@@ -165,7 +194,7 @@ ssh_sandbox_child_debugging(void)
> 	sigemptyset(&mask);
> 	sigaddset(&mask, SIGSYS);
> 
>-	act.sa_sigaction = &ssh_sandbox_violation;
>+	act.sa_sigaction = &sandbox_seccomp_filter_violation;
> 	act.sa_flags = SA_SIGINFO;
> 	if (sigaction(SIGSYS, &act, NULL) == -1)
> 		fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
>@@ -175,8 +204,8 @@ ssh_sandbox_child_debugging(void)
> }
> #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
> 
>-void
>-ssh_sandbox_child(struct ssh_sandbox *box)
>+static void
>+sandbox_seccomp_filter_child(void *vbox)
> {
> 	struct rlimit rl_zero;
> 
>@@ -193,7 +222,7 @@ ssh_sandbox_child(struct ssh_sandbox *bo
> 			__func__, strerror(errno));
> 
> #ifdef SANDBOX_SECCOMP_FILTER_DEBUG
>-	ssh_sandbox_child_debugging();
>+	sandbox_seccomp_filter_child_debugging();
> #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
> 
> 	debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
>@@ -206,17 +235,39 @@ ssh_sandbox_child(struct ssh_sandbox *bo
> 		      __func__, strerror(errno));
> }
> 
>-void
>-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+static void
>+sandbox_seccomp_filter_parent_finish(void *vbox)
> {
>-	free(box);
>+	free(vbox);
> 	debug3("%s: finished", __func__);
> }
> 
>-void
>-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+static void
>+sandbox_seccomp_filter_parent_preauth(void *vbox, pid_t child_pid)
> {
>+	struct ssh_sandbox *box = vbox;
>+
> 	box->child_pid = child_pid;
> }
>+
>+Sandbox ssh_sandbox_seccomp_filter = {
>+	"seccomp_filter",
>+	sandbox_seccomp_filter_probe,
>+	sandbox_seccomp_filter_init,
>+	sandbox_seccomp_filter_child,
>+	sandbox_seccomp_filter_parent_finish,
>+	sandbox_seccomp_filter_parent_preauth
>+};
>+
>+#else /* !SANDBOX_SECCOMP_FILTER */
>+
>+Sandbox ssh_sandbox_seccomp_filter = {
>+	"seccomp_filter",
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL
>+};
> 
> #endif /* SANDBOX_SECCOMP_FILTER */
>Index: sandbox-systrace.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-systrace.c,v
>retrieving revision 1.3
>diff -p -u -r1.3 sandbox-systrace.c
>--- sandbox-systrace.c	5 Aug 2011 20:16:23 -0000	1.3
>+++ sandbox-systrace.c	18 May 2012 17:39:30 -0000
>@@ -17,9 +17,12 @@
> 
> #include "includes.h"
> 
>+#include <sys/types.h>
>+
>+#include "ssh-sandbox.h"
>+
> #ifdef SANDBOX_SYSTRACE
> 
>-#include <sys/types.h>
> #include <sys/param.h>
> #include <sys/ioctl.h>
> #include <sys/syscall.h>
>@@ -38,7 +41,6 @@
> 
> #include "atomicio.h"
> #include "log.h"
>-#include "ssh-sandbox.h"
> #include "xmalloc.h"
> 
> struct sandbox_policy {
>@@ -74,8 +76,14 @@ struct ssh_sandbox {
> 	pid_t child_pid;
> };
> 
>-struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+static int
>+sandbox_systrace_probe(void)
>+{
>+	return 1;
>+}
>+
>+static void *
>+sandbox_systrace_init(void)
> {
> 	struct ssh_sandbox *box;
> 	int s[2];
>@@ -92,9 +100,10 @@ ssh_sandbox_init(void)
> 	return box;
> }
> 
>-void
>-ssh_sandbox_child(struct ssh_sandbox *box)
>+static void
>+sandbox_systrace_child(void *vbox)
> {
>+	struct ssh_sandbox *box = vbox;
> 	char whatever = 0;
> 
> 	close(box->parent_sock);
>@@ -110,7 +119,7 @@ ssh_sandbox_child(struct ssh_sandbox *bo
> }
> 
> static void
>-ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
>+sandbox_systrace_parent(struct ssh_sandbox *box, pid_t child_pid,
>     const struct sandbox_policy *allowed_syscalls)
> {
> 	int dev_systrace, i, j, found;
>@@ -179,9 +188,11 @@ ssh_sandbox_parent(struct ssh_sandbox *b
> 	close(box->parent_sock);
> }
> 
>-void
>-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+static void
>+sandbox_systrace_parent_finish(void *vbox)
> {
>+	struct ssh_sandbox *box = vbox;
>+
> 	/* Closing this before the child exits will terminate it */
> 	close(box->systrace_fd);
> 
>@@ -189,10 +200,32 @@ ssh_sandbox_parent_finish(struct ssh_san
> 	debug3("%s: finished", __func__);
> }
> 
>-void
>-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+static void
>+sandbox_systrace_parent_preauth(void *vbox, pid_t child_pid)
> {
>+	struct ssh_sandbox *box = vbox;
>+
> 	ssh_sandbox_parent(box, child_pid, preauth_policy);
> }
>+
>+Sandbox ssh_sandbox_systrace = {
>+	"systrace",
>+	sandbox_systrace_probe,
>+	sandbox_systrace_init,
>+	sandbox_systrace_child,
>+	sandbox_systrace_parent_finish,
>+	sandbox_systrace_parent_preauth
>+};
>+
>+#else /* !SANDBOX_SYSTRACE */
>+
>+Sandbox ssh_sandbox_systrace = {
>+	"systrace",
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL,
>+	NULL
>+};
> 
> #endif /* SANDBOX_SYSTRACE */
>Index: sandbox.c
>===================================================================
>RCS file: sandbox.c
>diff -N sandbox.c
>--- /dev/null	1 Jan 1970 00:00:00 -0000
>+++ sandbox.c	18 May 2012 17:39:30 -0000
>@@ -0,0 +1,82 @@
>+/* $Id$ */
>+/*
>+ * Copyright (c) 2012 Colin Watson <cjwatson@debian.org>
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+#include <sys/types.h>
>+
>+#include <stdlib.h>
>+#include <stdarg.h>
>+
>+#include "log.h"
>+#include "ssh-sandbox.h"
>+
>+static Sandbox *sandboxes[] = {
>+	&ssh_sandbox_systrace,
>+	&ssh_sandbox_darwin,
>+	&ssh_sandbox_seccomp_filter,
>+	&ssh_sandbox_rlimit,
>+	&ssh_sandbox_null,
>+	NULL
>+};
>+
>+static Sandbox *selected;
>+
>+static void
>+sandbox_select(void)
>+{
>+	Sandbox **sandbox;
>+
>+	if (selected)
>+		return;
>+
>+	for (sandbox = sandboxes; sandbox; sandbox++) {
>+		if ((*sandbox)->probe && (*sandbox)->probe()) {
>+			selected = *sandbox;
>+			return;
>+		}
>+	}
>+
>+	/* should never happen, as ssh_sandbox_null always succeeds */
>+	fatal("no sandbox implementation found");
>+}
>+
>+void *
>+ssh_sandbox_init(void)
>+{
>+	sandbox_select();
>+	return selected->init();
>+}
>+
>+void
>+ssh_sandbox_child(void *box)
>+{
>+	sandbox_select();
>+	return selected->child(box);
>+}
>+
>+void
>+ssh_sandbox_parent_finish(void *box)
>+{
>+	sandbox_select();
>+	return selected->parent_finish(box);
>+}
>+
>+void
>+ssh_sandbox_parent_preauth(void *box, pid_t child_pid)
>+{
>+	sandbox_select();
>+	return selected->parent_preauth(box, child_pid);
>+}
>Index: ssh-sandbox.h
>===================================================================
>RCS file: /cvs/openssh/ssh-sandbox.h,v
>retrieving revision 1.1
>diff -p -u -r1.1 ssh-sandbox.h
>--- ssh-sandbox.h	23 Jun 2011 09:45:51 -0000	1.1
>+++ ssh-sandbox.h	18 May 2012 17:39:30 -0000
>@@ -15,9 +15,24 @@
>  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> 
>-struct ssh_sandbox;
>+typedef struct Sandbox Sandbox;
> 
>-struct ssh_sandbox *ssh_sandbox_init(void);
>-void ssh_sandbox_child(struct ssh_sandbox *);
>-void ssh_sandbox_parent_finish(struct ssh_sandbox *);
>-void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
>+struct Sandbox {
>+	const char	*name;
>+	int		(*probe)(void);
>+	void		*(*init)(void);
>+	void	    	(*child)(void *);
>+	void		(*parent_finish)(void *);
>+	void	    	(*parent_preauth)(void *, pid_t);
>+};
>+
>+void *ssh_sandbox_init(void);
>+void ssh_sandbox_child(void *);
>+void ssh_sandbox_parent_finish(void *);
>+void ssh_sandbox_parent_preauth(void *, pid_t);
>+
>+extern Sandbox ssh_sandbox_systrace;
>+extern Sandbox ssh_sandbox_darwin;
>+extern Sandbox ssh_sandbox_seccomp_filter;
>+extern Sandbox ssh_sandbox_rlimit;
>+extern Sandbox ssh_sandbox_null;
>Index: sshd.c
>===================================================================
>RCS file: /cvs/openssh/sshd.c,v
>retrieving revision 1.413
>diff -p -u -r1.413 sshd.c
>--- sshd.c	22 Apr 2012 01:24:44 -0000	1.413
>+++ sshd.c	18 May 2012 17:39:30 -0000
>@@ -628,7 +628,7 @@ privsep_preauth(Authctxt *authctxt)
> {
> 	int status;
> 	pid_t pid;
>-	struct ssh_sandbox *box = NULL;
>+	void *box = NULL;
> 
> 	/* Set up unprivileged child process to deal with network data */
> 	pmonitor = monitor_init();

Actions: View | Diff

Attachments on bug 2011: 2154 | 2155 | 2160 | 2214 | 2215 | 2216