path: root/sandbox-systrace.c
Commit message | Author | Age | Files | Lines

* - markus@cvs.openbsd.org 2012/06/30 14:35:09 | Darren Tucker | 2012-07-02 | 1 | -28/+27
  [sandbox-systrace.c sshd.c] fix a during the load of the sandbox policies (child can still make the read-syscall and wait forever for systrace-answers) by replacing the read/write synchronisation with SIGSTOP/SIGCONT; report and help hshoexer@; ok djm@, dtucker@

* - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 | Damien Miller | 2012-06-30 | 1 | -1/+2
  [sandbox-systrace.c] Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation sandbox" since malloc now uses it. From johnw.mail at gmail com.

* - djm@cvs.openbsd.org 2011/07/29 14:42:45 | Damien Miller | 2011-08-05 | 1 | -34/+44
  [sandbox-systrace.c] fail open(2) with EPERM rather than SIGKILLing the whole process. libc will call open() to do strerror() when NLS is enabled; feedback and ok markus@

* - djm@cvs.openbsd.org 2011/06/23 09:34:13 | Damien Miller | 2011-06-23 | 1 | -1/+2
  [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] [sandbox-null.c] rename sandbox.h => ssh-sandbox.h to make things easier for portable

* - djm@cvs.openbsd.org 2011/06/22 21:57:01 | Damien Miller | 2011-06-23 | 1 | -0/+187
  [servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@
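The two design points the log records, a parent that attaches a syscall policy to a freshly forked child (2011/06/22) and the 2012/06/30 switch from read/write synchronisation to SIGSTOP/SIGCONT so the child cannot issue a syscall before the policy is in place, are illustrated below in portable C. This is an added example, not code from OpenSSH or from the commits above: there is no systrace(4) here, so a single byte written into a pipe while the child is stopped stands in for "policy attached", and the child checks for it with a non-blocking read after it is continued. The function names `run_sandboxed_child` and `child_main` and the pipe `policy_fd` are this example's own.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the sandbox policy (assumption: a pipe, not systrace): the
 * parent writes one byte while the child is stopped. The child reads it
 * non-blocking after SIGCONT, so the check itself can never hang. */
static int policy_fd[2];

/* Child side (hypothetical privsep child): stop immediately so the parent
 * can attach the policy, then report whether it was in place on resume. */
static int child_main(void)
{
    char byte;
    int flags;

    close(policy_fd[1]);
    raise(SIGSTOP);                         /* nothing past here runs until SIGCONT */
    flags = fcntl(policy_fd[0], F_GETFL);
    fcntl(policy_fd[0], F_SETFL, flags | O_NONBLOCK);
    return read(policy_fd[0], &byte, 1) == 1 ? 0 : 2;   /* 0: policy present, 2: raced */
}

/* Parent side: fork, wait for the child to stop itself, attach the policy,
 * continue the child and return its exit status (0 = policy was in place);
 * -1 if the handshake itself fails. */
int run_sandboxed_child(void)
{
    pid_t pid;
    int status;

    if (pipe(policy_fd) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_main());

    close(policy_fd[0]);
    /* WUNTRACED: wake when the child stops itself, not only when it exits */
    if (waitpid(pid, &status, WUNTRACED) != pid || !WIFSTOPPED(status))
        return -1;                          /* child never stopped: handshake broken */
    if (write(policy_fd[1], "P", 1) != 1)   /* "attach the policy" while it cannot run */
        return -1;
    if (kill(pid, SIGCONT) != 0)
        return -1;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    close(policy_fd[1]);
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = run_sandboxed_child();
    printf("child resumed with policy in place: %s\n", rc == 0 ? "yes" : "no");
    return rc == 0 ? 0 : 1;
}
```

The point of stopping the child rather than having it block in read(2) is the one the 2012 commit makes: once a syscall allowlist is attached, a pending read is itself a syscall that may never be answered, whereas a stopped process issues no syscalls at all until the parent sends SIGCONT. With a real systrace or seccomp policy the write into the pipe would be replaced by the policy attachment, and the child's first action after resuming should be something the policy permits.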