upstream commit

Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
author: deraadt@openbsd.org <deraadt@openbsd.org> 2015-10-09 01:37:08 +0000
committer: Damien Miller <djm@mindrot.org> 2015-10-14 03:22:08 +1100
commit: 2539dce2a049a8f6bb0d44cac51f07ad48e691d3 (patch)
tree: 4bfeaba2e6740193ed669006ffb6cebb88d8f279
parent: 9846a2f4067383bb76b4e31a9d2303e0a9c13a73 (diff)
3 files changed, 13 insertions, 13 deletions
diff --git a/Makefile.in b/Makefile.in
index 8305cec9d..1a432d24b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -110,7 +110,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
        sftp-server.o sftp-common.o \
        roaming_common.o roaming_serv.o \
        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-        sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-tame.o
+        sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o
 MANPAGES        = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN     = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
diff --git a/configure.ac b/configure.ac
index 1693cfae8..346a90c73 100644
--- a/configure.ac
+++ b/configure.ac
@@ -854,7 +854,7 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
            [syslog_r function is safe to use in in a signal handler])
        TEST_MALLOC_OPTIONS="AFGJPRX"
-        AC_CHECK_FUNCS([tame])
+        AC_CHECK_FUNCS([pledge])
        ;;
 *-*-solaris*)
        if test "x$withval" != "xno" ; then
@@ -2998,7 +2998,7 @@ fi
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
-        [  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, tame)],
+        [  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
        [
                if test "x$withval" = "xyes" ; then
                        sandbox_arg=""
@@ -3094,12 +3094,12 @@ AC_RUN_IFELSE(
        [AC_MSG_WARN([cross compiling: assuming yes])]
 )
-if test "x$sandbox_arg" = "xtame" || \
+if test "x$sandbox_arg" = "xpledge" || \
-   ( test -z "$sandbox_arg" && test "x$ac_cv_func_tame" = "xyes" ) ; then
+   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
-        test "x$ac_cv_func_tame" != "xyes" && \
+        test "x$ac_cv_func_pledge" != "xyes" && \
-                AC_MSG_ERROR([tame sandbox requires tame(2) support])
+                AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
-        SANDBOX_STYLE="tame"
+        SANDBOX_STYLE="pledge"
-        AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using tame(2)])
+        AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using pledge(2)])
 elif test "x$sandbox_arg" = "xsystrace" || \
   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
        test "x$have_systr_policy_kill" != "x1" && \
diff --git a/sandbox-tame.c b/sandbox-pledge.c
index daa3f3a74..1d3e247d7 100644
--- a/sandbox-tame.c
+++ b/sandbox-pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-tame.c,v 1.2 2015/10/02 15:52:55 deraadt Exp $ */
+/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
 *
@@ -46,7 +46,7 @@ ssh_sandbox_init(struct monitor *m)
 {
        struct ssh_sandbox *box;
-        debug3("%s: preparing tame sandbox", __func__);
+        debug3("%s: preparing pledge sandbox", __func__);
        box = xcalloc(1, sizeof(*box));
        box->child_pid = 0;
@@ -56,8 +56,8 @@ ssh_sandbox_init(struct monitor *m)
 void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
-        if (tame("stdio", NULL) == -1)
+        if (pledge("stdio", NULL) == -1)
-                fatal("%s: tame()", __func__);
+                fatal("%s: pledge()", __func__);
 }
 void
author	deraadt@openbsd.org <deraadt@openbsd.org>	2015-10-09 01:37:08 +0000
committer	Damien Miller <djm@mindrot.org>	2015-10-14 03:22:08 +1100
commit	2539dce2a049a8f6bb0d44cac51f07ad48e691d3 (patch)
tree	4bfeaba2e6740193ed669006ffb6cebb88d8f279
parent	9846a2f4067383bb76b4e31a9d2303e0a9c13a73 (diff)

diff --git a/Makefile.in b/Makefile.in index 8305cec9d..1a432d24b 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -110,7 +110,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
110	sftp-server.o sftp-common.o \	110	sftp-server.o sftp-common.o \
111	roaming_common.o roaming_serv.o \	111	roaming_common.o roaming_serv.o \
112	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \	112	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
113	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-tame.o	113	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o
114		114
115	MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out	115	MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
116	MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5	116	MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5


diff --git a/configure.ac b/configure.ac index 1693cfae8..346a90c73 100644 --- a/configure.ac +++ b/configure.ac
@@ -854,7 +854,7 @@ mips-sony-bsd\|mips-sony-newsos4)
854	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],	854	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
855	[syslog_r function is safe to use in in a signal handler])	855	[syslog_r function is safe to use in in a signal handler])
856	TEST_MALLOC_OPTIONS="AFGJPRX"	856	TEST_MALLOC_OPTIONS="AFGJPRX"
857	AC_CHECK_FUNCS([tame])	857	AC_CHECK_FUNCS([pledge])
858	;;	858	;;
859	--solaris*)	859	--solaris*)
860	if test "x$withval" != "xno" ; then	860	if test "x$withval" != "xno" ; then
@@ -2998,7 +2998,7 @@ fi
2998	# Decide which sandbox style to use	2998	# Decide which sandbox style to use
2999	sandbox_arg=""	2999	sandbox_arg=""
3000	AC_ARG_WITH([sandbox],	3000	AC_ARG_WITH([sandbox],
3001	[ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, tame)],	3001	[ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3002	[	3002	[
3003	if test "x$withval" = "xyes" ; then	3003	if test "x$withval" = "xyes" ; then
3004	sandbox_arg=""	3004	sandbox_arg=""
@@ -3094,12 +3094,12 @@ AC_RUN_IFELSE(
3094	[AC_MSG_WARN([cross compiling: assuming yes])]	3094	[AC_MSG_WARN([cross compiling: assuming yes])]
3095	)	3095	)
3096		3096
3097	if test "x$sandbox_arg" = "xtame" \|\| \	3097	if test "x$sandbox_arg" = "xpledge" \|\| \
3098	( test -z "$sandbox_arg" && test "x$ac_cv_func_tame" = "xyes" ) ; then	3098	( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3099	test "x$ac_cv_func_tame" != "xyes" && \	3099	test "x$ac_cv_func_pledge" != "xyes" && \
3100	AC_MSG_ERROR([tame sandbox requires tame(2) support])	3100	AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3101	SANDBOX_STYLE="tame"	3101	SANDBOX_STYLE="pledge"
3102	AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using tame(2)])	3102	AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using pledge(2)])
3103	elif test "x$sandbox_arg" = "xsystrace" \|\| \	3103	elif test "x$sandbox_arg" = "xsystrace" \|\| \
3104	( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then	3104	( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3105	test "x$have_systr_policy_kill" != "x1" && \	3105	test "x$have_systr_policy_kill" != "x1" && \


diff --git a/sandbox-tame.c b/sandbox-pledge.c index daa3f3a74..1d3e247d7 100644 --- a/sandbox-tame.c +++ b/sandbox-pledge.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sandbox-tame.c,v 1.2 2015/10/02 15:52:55 deraadt Exp $ */	1	/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>	3	* Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
4	*	4	*
@@ -46,7 +46,7 @@ ssh_sandbox_init(struct monitor *m)
46	{	46	{
47	struct ssh_sandbox *box;	47	struct ssh_sandbox *box;
48		48
49	debug3("%s: preparing tame sandbox", __func__);	49	debug3("%s: preparing pledge sandbox", __func__);
50	box = xcalloc(1, sizeof(*box));	50	box = xcalloc(1, sizeof(*box));
51	box->child_pid = 0;	51	box->child_pid = 0;
52		52
@@ -56,8 +56,8 @@ ssh_sandbox_init(struct monitor *m)
56	void	56	void
57	ssh_sandbox_child(struct ssh_sandbox *box)	57	ssh_sandbox_child(struct ssh_sandbox *box)
58	{	58	{
59	if (tame("stdio", NULL) == -1)	59	if (pledge("stdio", NULL) == -1)
60	fatal("%s: tame()", __func__);	60	fatal("%s: pledge()", __func__);
61	}	61	}
62		62
63	void	63	void