author | Damien Miller <djm@mindrot.org> | 2012-07-06 10:27:10 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-07-06 10:27:10 +1000 |
commit | a0433a7096b7f1f5d7332b04fa83660b3208ab1d (patch) | |
tree | 67b218ca3a89e6cd749d0130e21907139e80b83e | |
parent | 34f702ae641f92f763ea00d54eaaf7e3ceddc2d2 (diff) |
- (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
not available. Allows use of sshd compiled on host with a filter-capable
kernel on hosts that lack the support. bz#2011 ok dtucker@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | sandbox-seccomp-filter.c | 12 |
2 files changed, 14 insertions, 3 deletions
@@ -1,3 +1,8 @@ | |||
1 | 20120706 | ||
2 | - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is | ||
3 | not available. Allows use of sshd compiled on host with a filter-capable | ||
4 | kernel on hosts that lack the support. bz#2011 ok dtucker@ | ||
5 | |||
1 | 20120704 | 6 | 20120704 |
2 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for | 7 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for |
3 | platforms that don't have it. "looks good" tim@ | 8 | platforms that don't have it. "looks good" tim@ |
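diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 686812957..ef2b13c4f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -179,6 +179,7 @@ void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
 	struct rlimit rl_zero;
+	int nnp_failed = 0;
 
 	/* Set rlimits for completeness if possible. */
 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
@@ -197,13 +198,18 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
 
 	debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
-	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
-		fatal("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
+	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
+		debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
 		    __func__, strerror(errno));
+		nnp_failed = 1;
+	}
 	debug3("%s: attaching seccomp filter program", __func__);
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
-		fatal("%s: prctl(PR_SET_SECCOMP): %s",
+		debug("%s: prctl(PR_SET_SECCOMP): %s",
 		    __func__, strerror(errno));
+	else if (nnp_failed)
+		fatal("%s: SECCOMP_MODE_FILTER activated but "
+		    "PR_SET_NO_NEW_PRIVS failed", __func__);
 }
 
 void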
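Review bot: The PR_SET_SECCOMP branch in the second hunk (new lines 207-209) now falls back to rlimit-only for any prctl() failure, not just the "kernel lacks filter support" case the commit message describes, and it records the downgrade only at debug level, so a rejected filter program or an EACCES from the no-new-privs path would silently leave the pre-auth child with the weaker sandbox. Consider failing hard unless errno is the unsupported-mode value, e.g. insert `if (errno != EINVAL) fatal("%s: prctl(PR_SET_SECCOMP): %s", __func__, strerror(errno));` ahead of the debug() call, with the caveat that EINVAL is also used for an invalid program, so the distinction is imperfect and may be worth a comment. Logging the fallback with logit() or verbose() instead of debug() would let an operator see that this host is running without the filter. ssh_sandbox_child begins in the first hunk and the rlimit setup between the two hunks is outside this view.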