summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2012-07-06 10:27:10 +1000
committerDamien Miller <djm@mindrot.org>2012-07-06 10:27:10 +1000
commita0433a7096b7f1f5d7332b04fa83660b3208ab1d (patch)
tree67b218ca3a89e6cd749d0130e21907139e80b83e
parent34f702ae641f92f763ea00d54eaaf7e3ceddc2d2 (diff)
- (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
not available. Allows use of sshd compiled on host with a filter-capable kernel on hosts that lack the support. bz#2011 ok dtucker@
-rw-r--r--ChangeLog5
-rw-r--r--sandbox-seccomp-filter.c12
2 files changed, 14 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index b19f41cf6..771ba79c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
120120706
2 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
3 not available. Allows use of sshd compiled on host with a filter-capable
4 kernel on hosts that lack the support. bz#2011 ok dtucker@
5
120120704 620120704
2 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 7 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
3 platforms that don't have it. "looks good" tim@ 8 platforms that don't have it. "looks good" tim@
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 686812957..ef2b13c4f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -179,6 +179,7 @@ void
179ssh_sandbox_child(struct ssh_sandbox *box) 179ssh_sandbox_child(struct ssh_sandbox *box)
180{ 180{
181 struct rlimit rl_zero; 181 struct rlimit rl_zero;
182 int nnp_failed = 0;
182 183
183 /* Set rlimits for completeness if possible. */ 184 /* Set rlimits for completeness if possible. */
184 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 185 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
@@ -197,13 +198,18 @@ ssh_sandbox_child(struct ssh_sandbox *box)
197#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ 198#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
198 199
199 debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__); 200 debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
200 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) 201 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
201 fatal("%s: prctl(PR_SET_NO_NEW_PRIVS): %s", 202 debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
202 __func__, strerror(errno)); 203 __func__, strerror(errno));
204 nnp_failed = 1;
205 }
203 debug3("%s: attaching seccomp filter program", __func__); 206 debug3("%s: attaching seccomp filter program", __func__);
204 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1) 207 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
205 fatal("%s: prctl(PR_SET_SECCOMP): %s", 208 debug("%s: prctl(PR_SET_SECCOMP): %s",
206 __func__, strerror(errno)); 209 __func__, strerror(errno));
210 else if (nnp_failed)
211 fatal("%s: SECCOMP_MODE_FILTER activated but "
212 "PR_SET_NO_NEW_PRIVS failed", __func__);
207} 213}
208 214
209void 215void