path: root/servconf.h
author	Damien Miller <djm@mindrot.org>	2011-06-23 08:30:03 +1000
committer	Damien Miller <djm@mindrot.org>	2011-06-23 08:30:03 +1000
commit	69ff1df952eebf0489b775a60ede094eaf596a05 (patch)
tree	6eb76b4632b7c131e0fbb52d8ce7cccf658b6bfa /servconf.h
parent	82c558761d0fa42dc954d62812b9e4b4a94f64bd (diff)
- djm@cvs.openbsd.org 2011/06/22 21:57:01
  [servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
  [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
  introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@
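The policy the commit message describes is a fixed allowlist of syscalls applied to the forked pre-auth child, with anything off the list terminating the child. The following is an added example, not OpenSSH's code and not the commit's systrace(4) implementation: it uses Linux seccomp-bpf as a stand-in mechanism (a swapped-in technique), so a violation is reported to the parent as SIGSYS rather than the SIGKILL systrace sends. The PRIVSEP_* values are copied from the servconf.h hunk on this page; `install_allowlist`, `run_in_sandbox`, the two `body_*` functions and the particular syscall list are assumptions made for the illustration. It is Linux-only and must run unprivileged.

```c
#include <stddef.h>
#include <signal.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Values from the servconf.h hunk on this page; PRIVSEP_OFF must stay 0. */
#define PRIVSEP_OFF     0
#define PRIVSEP_ON      1
#define PRIVSEP_SANDBOX 2

#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SANDBOX_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Two BPF instructions: if the loaded syscall number equals nr, allow it. */
#define SC_ALLOW(nr) \
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/*
 * Hypothetical helper: install the allowlist in the calling process.
 * Like the commit's "fast-path" policy, a fixed list of syscalls is
 * permitted and anything else kills the process. 0 on success, -1 if
 * the kernel refused.
 */
static int install_allowlist(void)
{
	struct sock_filter filter[] = {
		/* Kill syscalls arriving via a foreign ABI (e.g. 32-bit on x86_64). */
		BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
		/* Load the syscall number and walk the allowlist. */
		BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
		SC_ALLOW(__NR_read),
		SC_ALLOW(__NR_write),
		SC_ALLOW(__NR_getpid),
		SC_ALLOW(__NR_exit),
		SC_ALLOW(__NR_exit_group),
		SC_ALLOW(__NR_rt_sigreturn),
		/* Default: not on the list, kill. No socket(), connect() or open(). */
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
	};
	struct sock_fprog prog = {
		.len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
		.filter = filter,
	};

	/* Required before an unprivileged process may install a filter. */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
		return -1;
	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
		return -1;
	return 0;
}

/*
 * Hypothetical helper: fork a child that runs body(), unrestricted for
 * PRIVSEP_OFF/PRIVSEP_ON (treated alike here, only the sandbox matters)
 * or under the allowlist for PRIVSEP_SANDBOX. Returns body()'s exit
 * status, 1000 + signal number if the child was killed, -1 on failure.
 */
static int run_in_sandbox(int mode, int (*body)(void))
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid == 0) {
		struct rlimit nocore = { 0, 0 };
		/* No core dump when the kernel kills us. */
		setrlimit(RLIMIT_CORE, &nocore);
		if (mode == PRIVSEP_SANDBOX && install_allowlist() != 0)
			_exit(100);
		_exit(body());
	}
	if (waitpid(pid, &status, 0) < 0)
		return -1;
	if (WIFSIGNALED(status))
		return 1000 + WTERMSIG(status);
	return WEXITSTATUS(status);
}

/* A body that only uses permitted syscalls: survives the sandbox. */
static int body_allowed(void)
{
	return getpid() > 0 ? 0 : 1;
}

/* A body that tries what the commit message warns about: opening a socket. */
static int body_open_socket(void)
{
	int fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return 2;
	close(fd);
	return 0;
}

int main(void)
{
	int sandboxed = run_in_sandbox(PRIVSEP_SANDBOX, body_open_socket);
	int plain = run_in_sandbox(PRIVSEP_ON, body_open_socket);
	/* sandboxed child dies with SIGSYS, the unrestricted one exits 0 */
	return (sandboxed == 1000 + SIGSYS && plain == 0) ? 0 : 1;
}
```

The allowlist is deliberately tiny; a real pre-auth child also needs the syscalls its crypto and IPC path uses, and the right way to discover them is to run under the filter and extend the list on each kill, never to start from a denylist. The architecture check at the top matters: without it a process on x86_64 could issue 32-bit syscall numbers that map to different calls than the ones on the list.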
Diffstat (limited to 'servconf.h')
-rw-r--r--	servconf.h	7
1 files changed, 6 insertions, 1 deletions
diff --git a/servconf.h b/servconf.h
index 31e621bde..89f38e20f 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.98 2011/05/23 03:30:07 djm Exp $ */ 1/* $OpenBSD: servconf.h,v 1.99 2011/06/22 21:57:01 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,6 +36,11 @@
36#define PERMIT_NO_PASSWD 2 36#define PERMIT_NO_PASSWD 2
37#define PERMIT_YES 3 37#define PERMIT_YES 3
38 38
39/* use_privsep */
40#define PRIVSEP_OFF 0
41#define PRIVSEP_ON 1
42#define PRIVSEP_SANDBOX 2
43
39#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ 44#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
40#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ 45#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
41 46
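Review bot: the comment above the new block (`/* use_privsep */`) should spell out the ordering contract the values carry: PRIVSEP_OFF is 0 and both PRIVSEP_ON (1) and PRIVSEP_SANDBOX (2) are non-zero, so a field holding them can still be tested as a boolean, but any comparison against 1 rather than a non-zero test would treat the sandbox as "off". Something like `/* use_privsep: PRIVSEP_OFF must remain 0 so non-zero still means "separation on" */` makes that explicit for later readers. The hunk only adds the constants; the field they are meant for is not visible in this diff, and nothing here shows how the new "sandbox" keyword from the commit message is mapped to PRIVSEP_SANDBOX, so the servconf.c side should be checked to reject the keyword on builds without a sandbox implementation rather than silently falling back to plain PRIVSEP_ON.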