Bugzilla – Attachment 2365 Details for
Bug 2140
Capsicum support for FreeBSD 10 (-current)
[patch]
capsicum
file_2140.txt (text/plain), 10.12 KB, created by
Loganaden Velvindron
on 2013-10-25 05:46:55 AEDT
Description:
capsicum
Filename:
MIME Type:
Creator:
Loganaden Velvindron
Created:
2013-10-25 05:46:55 AEDT
Size:
10.12 KB
patch
obsolete
>Index: Makefile.in
>===================================================================
>RCS file: /cvs/openssh/Makefile.in,v
>retrieving revision 1.340
>diff -u -p -r1.340 Makefile.in
>--- Makefile.in 11 Jun 2013 01:26:10 -0000 1.340
>+++ Makefile.in 24 Oct 2013 18:40:58 -0000
>@@ -93,7 +93,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
> sftp-server.o sftp-common.o \
> roaming_common.o roaming_serv.o \
> sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
>- sandbox-seccomp-filter.o
>+ sandbox-seccomp-filter.o sandbox-capsicum.o
>
> MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
> MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
>@@ -456,4 +456,3 @@ package: $(CONFIGFILES) $(MANPAGES) $(TA
> if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
> sh buildpkg.sh; \
> fi
>-
>Index: configure.ac
>===================================================================
>RCS file: /cvs/openssh/configure.ac,v
>retrieving revision 1.536
>diff -u -p -r1.536 configure.ac
>--- configure.ac 4 Aug 2013 11:48:41 -0000 1.536
>+++ configure.ac 24 Oct 2013 18:41:00 -0000
>@@ -120,6 +120,10 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [ha
> #include <sys/types.h>
> #include <linux/prctl.h>
> ])
>+AC_CHECK_DECL([cap_enter], [have_cap_enter=1], , [
>+ #include <sys/capability.h>
>+])
>+
> use_stack_protector=1
> AC_ARG_WITH([stackprotect],
> [ --without-stackprotect Don't use compiler's stack protection], [
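Review bot: The new probe only establishes that `cap_enter` is declared, yet the sandbox-capsicum.c added by this same patch also depends on `cap_rights_init` and `cap_rights_limit` taking a `cap_rights_t *`, so `have_cap_enter` alone does not prove the sandbox will compile. I believe earlier FreeBSD releases shipped `cap_enter` with a different rights API, which would make this probe select the capsicum sandbox and then fail at build time; please confirm against the targeted releases. Tying detection to the symbol the code really needs, e.g. adding `AC_CHECK_DECL([cap_rights_limit], [have_cap_rights_limit=1], , [#include <sys/capability.h>])` and requiring both in the selection logic, or a single `AC_CHECK_FUNCS([cap_enter cap_rights_limit])`, closes that gap. The selection branch that consumes `have_cap_enter` is in a later hunk, so the two changes need to be kept in step.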
>@@ -2714,7 +2718,7 @@ fi
> # Decide which sandbox style to use
> sandbox_arg=""
> AC_ARG_WITH([sandbox],
>- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
>+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
> [
> if test "x$withval" = "xyes" ; then
> sandbox_arg=""
>@@ -2853,6 +2857,13 @@ elif test "x$sandbox_arg" = "xrlimit" ||
> AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
> SANDBOX_STYLE="rlimit"
> AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
>+elif test "x$sandbox_arg" = "xcapsicum" || \
>+ ( test -z "$sandbox_arg" && \
>+ test "x$have_cap_enter" = "x1") ; then
>+ test "x$have_cap_enter" != "x1" && \
>+ AC_MSG_ERROR([capsicum sandbox requires cap_enter function])
>+ SANDBOX_STYLE="capsicum"
>+ AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
> elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
> test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
> SANDBOX_STYLE="none"
>Index: sandbox-capsicum.c
>===================================================================
>RCS file: sandbox-capsicum.c
>diff -N sandbox-capsicum.c
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ sandbox-capsicum.c 24 Oct 2013 18:41:00 -0000
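Review bot: The new capsicum `elif` is placed after the rlimit branch, and the rlimit branch's full condition is cut off by the hunk header (`elif test "x$sandbox_arg" = "xrlimit" ||`), so if that branch also auto-selects whenever `sandbox_arg` is empty, the `test -z "$sandbox_arg" && test "x$have_cap_enter" = "x1"` clause added here can never fire and a FreeBSD build would silently get the weaker rlimit sandbox unless `--with-sandbox=capsicum` is passed explicitly. If that is how the preceding branch reads, the capsicum block should be moved above the rlimit one so the strongest available sandbox wins on autodetection. The rlimit branch is only partially visible in this hunk, so this needs confirming against the surrounding configure.ac.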
>@@ -0,0 +1,118 @@
>+/*
>+ * Copyright (c) 2011 Dag-Erling Smorgrav
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+#include "includes.h"
>+
>+#ifdef SANDBOX_CAPSICUM
>+
>+#include <sys/types.h>
>+#include <sys/param.h>
>+#include <sys/time.h>
>+#include <sys/resource.h>
>+#include <sys/capability.h>
>+
>+#include <errno.h>
>+#include <stdarg.h>
>+#include <stdio.h>
>+#include <stdlib.h>
>+#include <string.h>
>+#include <unistd.h>
>+
>+#include "log.h"
>+#include "monitor.h"
>+#include "ssh-sandbox.h"
>+#include "xmalloc.h"
>+
>+/*
>+ * Capsicum sandbox that sets zero nfiles, nprocs and filesize rlimits,
>+ * limits rights on stdout, stdin, stderr, monitor and switches to
>+ * capability mode
>+*/
>+
>+struct ssh_sandbox {
>+ struct monitor *monitor;
>+ pid_t child_pid;
>+};
>+
>+struct ssh_sandbox *
>+ssh_sandbox_init(struct monitor *monitor)
>+{
>+ struct ssh_sandbox *box;
>+
>+ /*
>+ * Strictly, we don't need to maintain any state here but we need
>+ * to return non-NULL to satisfy the API.
>+ */
>+ debug3("%s: preparing capsicum sandbox", __func__);
>+ box = xcalloc(1, sizeof(*box));
>+ box->monitor = monitor;
>+ box->child_pid = 0;
>+
>+ return box;
>+}
>+
>+void
>+ssh_sandbox_child(struct ssh_sandbox *box)
>+{
>+ struct rlimit rl_zero;
>+ cap_rights_t rights;
>+
>+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
>+
>+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
>+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
>+ __func__, strerror(errno));
>+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
>+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
>+ __func__, strerror(errno));
>+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
>+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
>+ __func__, strerror(errno));
>+
>+ cap_rights_init(&rights);
>+
>+ if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
>+ fatal("can't limit stdin: %m");
>+ if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
>+ fatal("can't limit stdin: %m");
>+ if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
>+ fatal("can't limit stdin: %m");
>+
>+ cap_rights_init(&rights, CAP_READ, CAP_WRITE);
>+ if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
>+ fatal("%s: failed to limit the network socket", __func__);
>+ cap_rights_init(&rights, CAP_WRITE);
>+ if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
>+ fatal("%s: failed to limit the logging socket", __func__);
>+ if (cap_enter() != 0 && errno != ENOSYS)
>+ fatal("%s: failed to enter capability mode", __func__);
>+
>+}
>+
>+void
>+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
>+{
>+ free(box);
>+ debug3("%s: finished", __func__);
>+}
>+
>+void
>+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
>+{
>+ box->child_pid = child_pid;
>+}
>+
>+#endif /* SANDBOX_CAPSICUM */
>Index: sandbox-darwin.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-darwin.c,v
>retrieving revision 1.1
>diff -u -p -r1.1
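Review bot: In ssh_sandbox_child() the stdout and stderr `cap_rights_limit` failures both report `can't limit stdin: %m`, so a failure on either descriptor is misattributed in the log; they should read `fatal("can't limit stdout: %m");` and `fatal("can't limit stderr: %m");`. Those three messages also use `%m`, while the setrlimit errors a few lines earlier spell out `strerror(errno)`; `%m` is a libc extension whose support in the vsnprintf this portable build links against I cannot confirm, so following the strerror form throughout is the safer choice. The `errno != ENOSYS` exemptions on the stdio limits and on `cap_enter()` let the child continue unsandboxed, with no log line, on a kernel without capability mode, yet the same ENOSYS from `cap_rights_limit` on `m_recvfd` or `m_log_sendfd` is fatal, so the two policies contradict each other; at minimum the degraded path should emit a `logit()`/`debug()` line, and whether silent fall-through is acceptable for a security boundary deserves an explicit decision. Finally, the message `failed to limit the network socket` is attached to `m_recvfd`, which by its name is the monitor channel rather than the network socket, so the text should say `monitor socket`.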
sandbox-darwin.c
>--- sandbox-darwin.c 26 Jun 2011 21:18:21 -0000 1.1
>+++ sandbox-darwin.c 24 Oct 2013 18:41:00 -0000
>@@ -40,7 +40,7 @@ struct ssh_sandbox {
> };
>
> struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+ssh_sandbox_init(struct monitor *monitor)
> {
> struct ssh_sandbox *box;
>
>Index: sandbox-null.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-null.c,v
>retrieving revision 1.2
>diff -u -p -r1.2 sandbox-null.c
>--- sandbox-null.c 23 Jun 2011 09:45:51 -0000 1.2
>+++ sandbox-null.c 24 Oct 2013 18:41:00 -0000
>@@ -39,7 +39,7 @@ struct ssh_sandbox {
> };
>
> struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+ssh_sandbox_init(struct monitor *monitor)
> {
> struct ssh_sandbox *box;
>
>Index: sandbox-rlimit.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-rlimit.c,v
>retrieving revision 1.3
>diff -u -p -r1.3 sandbox-rlimit.c
>--- sandbox-rlimit.c 3 Jul 2012 12:48:31 -0000 1.3
>+++ sandbox-rlimit.c 24 Oct 2013 18:41:00 -0000
>@@ -42,7 +42,7 @@ struct ssh_sandbox {
> };
>
> struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+ssh_sandbox_init(struct monitor *monitor)
> {
> struct ssh_sandbox *box;
>
>Index: sandbox-seccomp-filter.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-seccomp-filter.c,v
>retrieving revision 1.4
>diff -u -p -r1.4 sandbox-seccomp-filter.c
>--- sandbox-seccomp-filter.c 1 Jun 2013 23:17:10 -0000 1.4
>+++ sandbox-seccomp-filter.c 24 Oct 2013 18:41:01 -0000
>@@ -132,7 +132,7 @@ struct ssh_sandbox {
> };
>
> struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+ssh_sandbox_init(struct monitor *monitor)
> {
> struct ssh_sandbox *box;
>
>Index: sandbox-systrace.c
>===================================================================
>RCS file: /cvs/openssh/sandbox-systrace.c,v
>retrieving revision 1.6
>diff -u -p -r1.6 sandbox-systrace.c
>--- sandbox-systrace.c 1 Jun 2013 21:46:17 -0000 1.6
>+++ sandbox-systrace.c 24 Oct 2013 18:41:01 -0000
>@@ -78,7 +78,7 @@ struct ssh_sandbox {
> };
>
> struct ssh_sandbox *
>-ssh_sandbox_init(void)
>+ssh_sandbox_init(struct monitor *monitor)
> {
> struct ssh_sandbox *box;
>
>Index: ssh-sandbox.h
>===================================================================
>RCS file: /cvs/openssh/ssh-sandbox.h,v
>retrieving revision 1.1
>diff -u -p -r1.1 ssh-sandbox.h
>--- ssh-sandbox.h 23 Jun 2011 09:45:51 -0000 1.1
>+++ ssh-sandbox.h 24 Oct 2013 18:41:01 -0000
>@@ -15,9 +15,10 @@
> * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> */
>
>+struct monitor;
> struct ssh_sandbox;
>
>-struct ssh_sandbox *ssh_sandbox_init(void);
>+struct ssh_sandbox *ssh_sandbox_init(struct monitor *);
> void ssh_sandbox_child(struct ssh_sandbox *);
> void ssh_sandbox_parent_finish(struct ssh_sandbox *);
> void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
>Index: sshd.c
>===================================================================
>RCS file: /cvs/openssh/sshd.c,v
>retrieving revision 1.431
>diff -u -p -r1.431 sshd.c
>--- sshd.c 22 Sep 2013 09:02:41 -0000 1.431
>+++ sshd.c 24 Oct 2013 18:41:02 -0000
>@@ -653,7 +653,7 @@ privsep_preauth(Authctxt *authctxt)
> pmonitor->m_pkex = &xxx_kex;
>
> if (use_privsep == PRIVSEP_ON)
>- box = ssh_sandbox_init();
>+ box = ssh_sandbox_init(pmonitor);
> pid = fork();
> if (pid == -1) {
> fatal("fork of unprivileged child failed");