2 files changed, 51 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 483741555..bd174a476 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20120703
+ - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
+   setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
 20120702
 - (dtucker) OpenBSD CVS Sync
   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
diff --git a/configure.ac b/configure.ac
index 02f8bf858..97cf7b17c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.492 2012/05/19 05:24:37 dtucker Exp $
+# $Id: configure.ac,v 1.493 2012/07/03 04:31:18 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.492 $)
+AC_REVISION($Revision: 1.493 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
@@ -686,7 +686,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
                AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
                    [Prepend the address family to IP tunnel traffic])
        fi
-        AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h])
+        AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
+            [], [#include <linux/types.h>])
        AC_CHECK_FUNCS([prctl])
        have_seccomp_audit_arch=1
        case "$host" in
@@ -2575,6 +2576,45 @@ AC_ARG_WITH([sandbox],
                fi
        ]
 )
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+AC_MSG_CHECKING([if select works with descriptor rlimit])
+AC_RUN_IFELSE(
+        [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+        ]],[[
+        struct rlimit rl_zero;
+        int fd, r;
+        fd_set fds;
+        fd = open("/dev/null", O_RDONLY);
+        FD_ZERO(&fds);
+        FD_SET(fd, &fds);
+        rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+        setrlimit(RLIMIT_FSIZE, &rl_zero);
+        setrlimit(RLIMIT_NOFILE, &rl_zero);
+        r = select(fd+1, &fds, NULL, NULL, NULL);
+        exit (r == -1 ? 1 : 0);
+        ]])],
+        [AC_MSG_RESULT([yes])
+         select_works_with_rlimit=yes],
+        [AC_MSG_RESULT([no])
+         select_works_with_rlimit=no],
+        [AC_MSG_WARN([cross compiling: assuming yes])]
+)
 if test "x$sandbox_arg" = "xsystrace" || \
   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
        test "x$have_systr_policy_kill" != "x1" && \
@@ -2607,9 +2647,12 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \
        SANDBOX_STYLE="seccomp_filter"
        AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
 elif test "x$sandbox_arg" = "xrlimit" || \
-     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
+     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+       test "x$select_works_with_rlimit" == "xyes" ) ; then
        test "x$ac_cv_func_setrlimit" != "xyes" && \
                AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
+        test "x$select_works_with_rlimit" != "xyes" && \
+                AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
        SANDBOX_STYLE="rlimit"
        AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \

diff --git a/ChangeLog b/ChangeLog index 483741555..bd174a476 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,7 @@
		1	20120703
		2	- (dtucker) [configure.ac] Detect platforms that can't use select(2) with
		3	setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
		4
1	20120702	5	20120702
2	- (dtucker) OpenBSD CVS Sync	6	- (dtucker) OpenBSD CVS Sync
3	- naddy@cvs.openbsd.org 2012/06/29 13:57:25	7	- naddy@cvs.openbsd.org 2012/06/29 13:57:25


diff --git a/configure.ac b/configure.ac index 02f8bf858..97cf7b17c 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.492 2012/05/19 05:24:37 dtucker Exp $	1	# $Id: configure.ac,v 1.493 2012/07/03 04:31:18 dtucker Exp $
2	#	2	#
3	# Copyright (c) 1999-2004 Damien Miller	3	# Copyright (c) 1999-2004 Damien Miller
4	#	4	#
@@ -15,7 +15,7 @@
15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16		16
17	AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])	17	AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18	AC_REVISION($Revision: 1.492 $)	18	AC_REVISION($Revision: 1.493 $)
19	AC_CONFIG_SRCDIR([ssh.c])	19	AC_CONFIG_SRCDIR([ssh.c])
20	AC_LANG([C])	20	AC_LANG([C])
21		21
@@ -686,7 +686,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
686	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],	686	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
687	[Prepend the address family to IP tunnel traffic])	687	[Prepend the address family to IP tunnel traffic])
688	fi	688	fi
689	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h])	689	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
		690	[], [#include <linux/types.h>])
690	AC_CHECK_FUNCS([prctl])	691	AC_CHECK_FUNCS([prctl])
691	have_seccomp_audit_arch=1	692	have_seccomp_audit_arch=1
692	case "$host" in	693	case "$host" in
@@ -2575,6 +2576,45 @@ AC_ARG_WITH([sandbox],
2575	fi	2576	fi
2576	]	2577	]
2577	)	2578	)
		2579
		2580	# Some platforms (seems to be the ones that have a kernel poll(2)-type
		2581	# function with which they implement select(2)) use an extra file descriptor
		2582	# when calling select(2), which means we can't use the rlimit sandbox.
		2583	AC_MSG_CHECKING([if select works with descriptor rlimit])
		2584	AC_RUN_IFELSE(
		2585	[AC_LANG_PROGRAM([[
		2586	#include <sys/types.h>
		2587	#ifdef HAVE_SYS_TIME_H
		2588	# include <sys/time.h>
		2589	#endif
		2590	#include <sys/resource.h>
		2591	#ifdef HAVE_SYS_SELECT_H
		2592	# include <sys/select.h>
		2593	#endif
		2594	#include <errno.h>
		2595	#include <fcntl.h>
		2596	#include <stdlib.h>
		2597	]],[[
		2598	struct rlimit rl_zero;
		2599	int fd, r;
		2600	fd_set fds;
		2601
		2602	fd = open("/dev/null", O_RDONLY);
		2603	FD_ZERO(&fds);
		2604	FD_SET(fd, &fds);
		2605	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
		2606	setrlimit(RLIMIT_FSIZE, &rl_zero);
		2607	setrlimit(RLIMIT_NOFILE, &rl_zero);
		2608	r = select(fd+1, &fds, NULL, NULL, NULL);
		2609	exit (r == -1 ? 1 : 0);
		2610	]])],
		2611	[AC_MSG_RESULT([yes])
		2612	select_works_with_rlimit=yes],
		2613	[AC_MSG_RESULT([no])
		2614	select_works_with_rlimit=no],
		2615	[AC_MSG_WARN([cross compiling: assuming yes])]
		2616	)
		2617
2578	if test "x$sandbox_arg" = "xsystrace" \|\| \	2618	if test "x$sandbox_arg" = "xsystrace" \|\| \
2579	( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then	2619	( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2580	test "x$have_systr_policy_kill" != "x1" && \	2620	test "x$have_systr_policy_kill" != "x1" && \
@@ -2607,9 +2647,12 @@ elif test "x$sandbox_arg" = "xseccomp_filter" \|\| \
2607	SANDBOX_STYLE="seccomp_filter"	2647	SANDBOX_STYLE="seccomp_filter"
2608	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])	2648	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
2609	elif test "x$sandbox_arg" = "xrlimit" \|\| \	2649	elif test "x$sandbox_arg" = "xrlimit" \|\| \
2610	( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then	2650	( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
		2651	test "x$select_works_with_rlimit" == "xyes" ) ; then
2611	test "x$ac_cv_func_setrlimit" != "xyes" && \	2652	test "x$ac_cv_func_setrlimit" != "xyes" && \
2612	AC_MSG_ERROR([rlimit sandbox requires setrlimit function])	2653	AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
		2654	test "x$select_works_with_rlimit" != "xyes" && \
		2655	AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
2613	SANDBOX_STYLE="rlimit"	2656	SANDBOX_STYLE="rlimit"
2614	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])	2657	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
2615	elif test -z "$sandbox_arg" \|\| test "x$sandbox_arg" = "xno" \|\| \	2658	elif test -z "$sandbox_arg" \|\| test "x$sandbox_arg" = "xno" \|\| \