Bugzilla – Attachment 2328 Details for
Bug 2142
Make seccomp-bpf sandbox work for Linux/X32
libseccomp patch
file_2142.txt (text/plain), 9.09 KB, created by
Loganaden Velvindron
on 2013-08-13 05:40:32 AEST
Description:
libseccomp patch
Filename:
MIME Type:
Creator:
Loganaden Velvindron
Created:
2013-08-13 05:40:32 AEST
Size:
9.09 KB
>Index: Makefile.in
>===================================================================
>RCS file: /cvs/openssh/Makefile.in,v
>retrieving revision 1.340
>diff -u -p -r1.340 Makefile.in
>--- Makefile.in 11 Jun 2013 01:26:10 -0000 1.340
>+++ Makefile.in 12 Aug 2013 19:27:50 -0000
>@@ -93,7 +93,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
> sftp-server.o sftp-common.o \
> roaming_common.o roaming_serv.o \
> sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
>- sandbox-seccomp-filter.o
>+ sandbox-seccomp-filter.o sandbox-libseccomp-filter.o
>
> MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
> MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
>@@ -456,4 +456,3 @@ package: $(CONFIGFILES) $(MANPAGES) $(TA
> if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
> sh buildpkg.sh; \
> fi
>-
>Index: configure.ac
>===================================================================
>RCS file: /cvs/openssh/configure.ac,v
>retrieving revision 1.536
>diff -u -p -r1.536 configure.ac
>--- configure.ac 4 Aug 2013 11:48:41 -0000 1.536
>+++ configure.ac 12 Aug 2013 19:27:53 -0000
>@@ -2683,11 +2683,17 @@ AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [
> [non-privileged user for privilege separation])
> AC_SUBST([SSH_PRIVSEP_USER])
>
>+AC_CHECK_DECL([LIBSECCOMP_MODE_FILTER], [have_libseccomp_filter=1], , [
>+ #include <sys/types.h>
>+ #include <seccomp.h>
>+])
>+
> if test "x$have_linux_no_new_privs" = "x1" ; then
> AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
> #include <sys/types.h>
> #include <linux/seccomp.h>
> ])
>+
> fi
> if test "x$have_seccomp_filter" = "x1" ; then
> AC_MSG_CHECKING([kernel for seccomp_filter support])
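Review bot: The new `AC_CHECK_DECL([LIBSECCOMP_MODE_FILTER], ...)` probe in configure.ac only proves that a header declares that symbol; no hunk on this page checks that the library links or adds it to the link line, so a build with SANDBOX_LIBSECCOMP_FILTER would presumably fail at link time on the seccomp_* calls. I could not confirm from this page that seccomp.h declares a symbol of that name, so the probe should be checked against the installed header; a link probe such as `AC_CHECK_LIB([seccomp], [seccomp_init])` would test what the sandbox actually needs. The probe also sits outside the `have_linux_no_new_privs` guard that wraps the SECCOMP_MODE_FILTER check right below it, and a short comment saying why that precondition does not apply here would help the next reader.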
>@@ -2714,7 +2720,7 @@ fi
> # Decide which sandbox style to use
> sandbox_arg=""
> AC_ARG_WITH([sandbox],
>- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
>+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, libseccomp_filter)],
> [
> if test "x$withval" = "xyes" ; then
> sandbox_arg=""
>@@ -2824,6 +2830,13 @@ elif test "x$sandbox_arg" = "xdarwin" ||
> AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
> SANDBOX_STYLE="darwin"
> AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
>+elif test "x$sandbox_arg" = "xlibseccomp_filter" || \
>+ ( test -z "$sandbox_arg" && \
>+ test -z "x$have_libseccomp_filter" = "x1" ) ; then
>+ test -z "x$have_libseccomp_filter" != "x1" && \
>+ AC_MSG_ERROR([libseccomp_filter sandbox not supported on $host])
>+ SANDBOX_STYLE="libseccomp_filter"
>+ AC_DEFINE([SANDBOX_LIBSECCOMP_FILTER], [1], [Sandbox using libseccomp filter])
> elif test "x$sandbox_arg" = "xseccomp_filter" || \
> ( test -z "$sandbox_arg" && \
> test "x$have_seccomp_filter" = "x1" && \
>Index: sandbox-libseccomp-filter.c
>===================================================================
>RCS file: sandbox-libseccomp-filter.c
>diff -N sandbox-libseccomp-filter.c
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ sandbox-libseccomp-filter.c 12 Aug 2013 19:27:53 -0000
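Review bot: The two `test -z "x$have_libseccomp_filter" ...` lines in the new `elif` branch are malformed: `-z` takes a single operand, and a string that starts with `x` is never empty, so neither the auto-select condition nor the guard in front of AC_MSG_ERROR can do what was intended. As written, `--with-sandbox=libseccomp_filter` on a host without the library is presumably accepted by configure and only fails later in the build. The checks should read `test "x$have_libseccomp_filter" = "x1" ) ; then` and `test "x$have_libseccomp_filter" != "x1" && \`. Once that is fixed, the branch is tried before `seccomp_filter` and will win whenever the header is present, without the kernel-support probe the seccomp_filter path runs, so the ordering deserves a comment or a probe of its own.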
>@@ -0,0 +1,149 @@
>+/*
>+ * Copyright (c) 2012 Will Drewry <wad@dataspill.org>
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+#include "includes.h"
>+
>+#ifdef SANDBOX_LIBSECCOMP_FILTER
>+
>+#include <sys/types.h>
>+#include <sys/resource.h>
>+#include <seccomp.h>
>+
>+
>+#include <errno.h>
>+#include <signal.h>
>+#include <stdarg.h>
>+#include <stddef.h> /* for offsetof */
>+#include <stdio.h>
>+#include <stdlib.h>
>+#include <string.h>
>+#include <unistd.h>
>+
>+#include "log.h"
>+#include "ssh-sandbox.h"
>+#include "xmalloc.h"
>+
>+struct ssh_sandbox {
>+ pid_t child_pid;
>+};
>+
>+struct ssh_sandbox *
>+ssh_sandbox_init(void)
>+{
>+ struct ssh_sandbox *box;
>+
>+ /*
>+ * Strictly, we don't need to maintain any state here but we need
>+ * to return non-NULL to satisfy the API.
>+ */
>+ debug3("%s: preparing libseccomp filter sandbox", __func__);
>+ box = xcalloc(1, sizeof(*box));
>+ box->child_pid = 0;
>+
>+ return box;
>+}
>+
>+void
>+ssh_sandbox_child(struct ssh_sandbox *box)
>+{
>+ struct rlimit rl_zero;
>+ int nnp_failed = 0;
>+
>+ /* Set rlimits for completeness if possible. */
>+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
>+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
>+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
>+ __func__, strerror(errno));
>+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
>+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
>+ __func__, strerror(errno));
>+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
>+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
>+ __func__, strerror(errno));
>+
>+ if (seccomp_init(SCMP_ACT_KILL) < 0)
>+ fatal("%s:libseccomp activation failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(open), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#ifdef __NR_time /* not defined on EABI ARM */
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(time), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#endif
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(read), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(write), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(close), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(brk), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(poll), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#ifdef __NR__newselect
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(_newselect), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#else
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(select), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#endif
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(madvise), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#endif
>+#ifdef __NR_mmap
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#endif
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#ifdef __NR_rt_sigprocmask
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#else
>+ if (seccomp_rule_add(SCMP_ACT_ALLOW, SCMP_SYS(sigprocmask), 0) < 0)
>+ fatal("%s:libseccomp rule failed", __func__);
>+#endif
>+
>+ if (seccomp_load() < 0)
>+ fatal("%s:libseccomp unable to load filter", __func__);
>+}
>+
>+void
>+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+{
>+ free(box);
>+ debug3("%s: finished", __func__);
>+}
>+
>+void
>+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+{
>+ box->child_pid = child_pid;
>+}
>+
>+#endif /* SANDBOX_LIBSECCOMP_FILTER */
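Review bot: In ssh_sandbox_child the filter adds two rules for the same syscall, `SCMP_ACT_ERRNO(EACCES)` for `open` and then `SCMP_ACT_ALLOW` for `open`, both without argument conditions. Depending on how libseccomp resolves the conflict, this either fails rule insertion or leaves open() permitted inside the pre-auth sandbox with only RLIMIT_NOFILE standing in the way; the `SCMP_ACT_ALLOW, SCMP_SYS(open)` rule should be dropped so the deny rule is the only one. `nnp_failed` is declared and never used, and every rule failure logs the same text, so capturing the return value, e.g. `if ((r = seccomp_rule_add(...)) < 0) fatal("%s: seccomp_rule_add(open): %s", __func__, strerror(-r));`, would make a rejected rule identifiable. A comment above the allow list stating that any syscall not listed hits the `SCMP_ACT_KILL` default would document the policy for whoever extends it.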