Diffstat (limited to 'debian/patches/sandbox-fallback.patch')
-rw-r--r--debian/patches/sandbox-fallback.patch925
1 files changed, 0 insertions, 925 deletions
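diff --git a/debian/patches/sandbox-fallback.patch b/debian/patches/sandbox-fallback.patch
deleted file mode 100644
index 124504b36..000000000
--- a/debian/patches/sandbox-fallback.patch
+++ /dev/null
@@ -1,925 +0,0 @@
-Description: Add a sandbox fallback mechanism
-Author: Colin Watson <cjwatson@debian.org>
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2011
-Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=2011
-Last-Update: 2012-05-26
-
-Index: b/Makefile.in
-===================================================================
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -93,8 +93,8 @@
- loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
- sftp-server.o sftp-common.o \
- roaming_common.o roaming_serv.o \
-- sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-- sandbox-seccomp-filter.o
-+ sandbox.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o \
-+ sandbox-darwin.o sandbox-seccomp-filter.o
-
- MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
- MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
-Index: b/configure.ac
-===================================================================
---- a/configure.ac
-+++ b/configure.ac
-@@ -126,25 +126,6 @@
- #include <linux/seccomp.h>
- ])
- fi
--if test "x$have_seccomp_filter" = "x1" ; then
--AC_MSG_CHECKING([kernel for seccomp_filter support])
--AC_RUN_IFELSE([AC_LANG_PROGRAM([[
-- #include <errno.h>
-- #include <linux/seccomp.h>
-- #include <stdlib.h>
-- #include <sys/prctl.h>
-- ]],
-- [[ errno = 0;
-- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
-- exit(errno == EFAULT ? 0 : 1); ]])],
-- [ AC_MSG_RESULT([yes]) ], [
-- AC_MSG_RESULT([no])
-- # Disable seccomp filter as a target
-- have_seccomp_filter=0
-- ],
-- [ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
--)
--fi
-
- use_stack_protector=1
- AC_ARG_WITH([stackprotect],
-@@ -2599,21 +2580,24 @@
- fi
- ]
- )
-+SANDBOX_STYLE=""
- if test "x$sandbox_arg" = "xsystrace" || \
- ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
- test "x$have_systr_policy_kill" != "x1" && \
- AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
-- SANDBOX_STYLE="systrace"
-+ SANDBOX_STYLE="$SANDBOX_STYLE systrace"
- AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
--elif test "x$sandbox_arg" = "xdarwin" || \
-+fi
-+if test "x$sandbox_arg" = "xdarwin" || \
- ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
- test "x$ac_cv_header_sandbox_h" = "xyes") ; then
- test "x$ac_cv_func_sandbox_init" != "xyes" -o \
- "x$ac_cv_header_sandbox_h" != "xyes" && \
- AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
-- SANDBOX_STYLE="darwin"
-+ SANDBOX_STYLE="$SANDBOX_STYLE darwin"
- AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
--elif test "x$sandbox_arg" = "xseccomp_filter" || \
-+fi
-+if test "x$sandbox_arg" = "xseccomp_filter" || \
- ( test -z "$sandbox_arg" && \
- test "x$have_seccomp_filter" = "x1" && \
- test "x$ac_cv_header_linux_audit_h" = "xyes" && \
-@@ -2628,21 +2612,24 @@
- AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
- test "x$ac_cv_func_prctl" != "xyes" && \
- AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
-- SANDBOX_STYLE="seccomp_filter"
-+ SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter"
- AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
--elif test "x$sandbox_arg" = "xrlimit" || \
-+fi
-+if test "x$sandbox_arg" = "xrlimit" || \
- ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
- test "x$ac_cv_func_setrlimit" != "xyes" && \
- AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
-- SANDBOX_STYLE="rlimit"
-+ SANDBOX_STYLE="$SANDBOX_STYLE rlimit"
- AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
--elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
-+fi
-+if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
- test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
-- SANDBOX_STYLE="none"
-- AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
--else
-+ SANDBOX_STYLE="$SANDBOX_STYLE none"
-+fi
-+if test -z "$SANDBOX_STYLE" ; then
- AC_MSG_ERROR([unsupported --with-sandbox])
- fi
-+SANDBOX_STYLE="${SANDBOX_STYLE# }"
-
- # Cheap hack to ensure NEWS-OS libraries are arranged right.
- if test ! -z "$SONY" ; then
-Index: b/configure
-===================================================================
---- a/configure
-+++ b/configure
-@@ -5598,48 +5598,6 @@
- fi
-
- fi
--if test "x$have_seccomp_filter" = "x1" ; then
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
-$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
--if test "$cross_compiling" = yes; then :
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
-$as_echo "cross-compiling, assuming yes" >&6; }
--
--else
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
-- #include <errno.h>
-- #include <linux/seccomp.h>
-- #include <stdlib.h>
-- #include <sys/prctl.h>
--
--int
--main ()
--{
-- errno = 0;
-- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
-- exit(errno == EFAULT ? 0 : 1);
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_run "$LINENO"; then :
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
--else
--
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-- # Disable seccomp filter as a target
-- have_seccomp_filter=0
--
--fi
--rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-- conftest.$ac_objext conftest.beam conftest.$ac_ext
--fi
--
--fi
-
- use_stack_protector=1
-
-@@ -11898,25 +11856,28 @@
-
- fi
-
-+SANDBOX_STYLE=""
- if test "x$sandbox_arg" = "xsystrace" || \
- ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
- test "x$have_systr_policy_kill" != "x1" && \
- as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
-- SANDBOX_STYLE="systrace"
-+ SANDBOX_STYLE="$SANDBOX_STYLE systrace"
-
- $as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
-
--elif test "x$sandbox_arg" = "xdarwin" || \
-+fi
-+if test "x$sandbox_arg" = "xdarwin" || \
- ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
- test "x$ac_cv_header_sandbox_h" = "xyes") ; then
- test "x$ac_cv_func_sandbox_init" != "xyes" -o \
- "x$ac_cv_header_sandbox_h" != "xyes" && \
- as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
-- SANDBOX_STYLE="darwin"
-+ SANDBOX_STYLE="$SANDBOX_STYLE darwin"
-
- $as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
-
--elif test "x$sandbox_arg" = "xseccomp_filter" || \
-+fi
-+if test "x$sandbox_arg" = "xseccomp_filter" || \
- ( test -z "$sandbox_arg" && \
- test "x$have_seccomp_filter" = "x1" && \
- test "x$ac_cv_header_linux_audit_h" = "xyes" && \
-@@ -11931,27 +11892,28 @@
- as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
- test "x$ac_cv_func_prctl" != "xyes" && \
- as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
-- SANDBOX_STYLE="seccomp_filter"
-+ SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter"
-
- $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
-
--elif test "x$sandbox_arg" = "xrlimit" || \
-+fi
-+if test "x$sandbox_arg" = "xrlimit" || \
- ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
- test "x$ac_cv_func_setrlimit" != "xyes" && \
- as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
-- SANDBOX_STYLE="rlimit"
-+ SANDBOX_STYLE="$SANDBOX_STYLE rlimit"
-
- $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
-
--elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
-+fi
-+if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
- test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
-- SANDBOX_STYLE="none"
--
--$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
--
--else
-+ SANDBOX_STYLE="$SANDBOX_STYLE none"
-+fi
-+if test -z "$SANDBOX_STYLE" ; then
- as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
- fi
-+SANDBOX_STYLE="${SANDBOX_STYLE# }"
-
- # Cheap hack to ensure NEWS-OS libraries are arranged right.
- if test ! -z "$SONY" ; then
-Index: b/config.h.in
-===================================================================
---- a/config.h.in
-+++ b/config.h.in
-@@ -1365,9 +1365,6 @@
- /* Sandbox using Darwin sandbox_init(3) */
- #undef SANDBOX_DARWIN
-
--/* no privsep sandboxing */
--#undef SANDBOX_NULL
--
- /* Sandbox using setrlimit(2) */
- #undef SANDBOX_RLIMIT
-
-Index: b/sandbox-darwin.c
-===================================================================
---- a/sandbox-darwin.c
-+++ b/sandbox-darwin.c
-@@ -16,10 +16,12 @@
-
- #include "includes.h"
-
--#ifdef SANDBOX_DARWIN
--
- #include <sys/types.h>
-
-+#include "ssh-sandbox.h"
-+
-+#ifdef SANDBOX_DARWIN
-+
- #include <sandbox.h>
-
- #include <errno.h>
-@@ -30,7 +32,6 @@
- #include <unistd.h>
-
- #include "log.h"
--#include "sandbox.h"
- #include "xmalloc.h"
-
- /* Darwin/OS X sandbox */
-@@ -39,8 +40,14 @@
- pid_t child_pid;
- };
-
--struct ssh_sandbox *
--ssh_sandbox_init(void)
-+static int
-+sandbox_darwin_probe(void)
-+{
-+ return 1;
-+}
-+
-+static void *
-+sandbox_darwin_init(void)
- {
- struct ssh_sandbox *box;
-
-@@ -55,9 +62,10 @@
- return box;
- }
-
--void
--ssh_sandbox_child(struct ssh_sandbox *box)
-+static void
-+sandbox_darwin_child(void *vbox)
- {
-+ struct ssh_sandbox *box = vbox;
- char *errmsg;
- struct rlimit rl_zero;
-
-@@ -82,17 +90,39 @@
- __func__, strerror(errno));
- }
-
--void
--ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-+static void
-+sandbox_darwin_parent_finish(void *vbox)
- {
-- free(box);
-+ free(vbox);
- debug3("%s: finished", __func__);
- }
-
--void
--ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-+static void
-+sandbox_darwin_parent_preauth(void *box, pid_t child_pid)
- {
-+ struct ssh_sandbox *box = vbox;
-+
- box->child_pid = child_pid;
- }
-
-+Sandbox ssh_sandbox_darwin = {
-+ "darwin",
-+ sandbox_darwin_probe,
-+ sandbox_darwin_init,
-+ sandbox_darwin_child,
-+ sandbox_darwin_parent_finish,
-+ sandbox_darwin_parent_preauth
-+};
-+
-+#else /* !SANDBOX_DARWIN */
-+
-+Sandbox ssh_sandbox_darwin = {
-+ "darwin",
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL
-+};
-+
- #endif /* SANDBOX_DARWIN */
-Index: b/sandbox-null.c
-===================================================================
---- a/sandbox-null.c
-+++ b/sandbox-null.c
-@@ -17,8 +17,6 @@
-
- #include "includes.h"
-
--#ifdef SANDBOX_NULL
--
- #include <sys/types.h>
-
- #include <errno.h>
-@@ -38,8 +36,14 @@
- int junk;
- };
-
--struct ssh_sandbox *
--ssh_sandbox_init(void)
-+static int
-+sandbox_null_probe(void)
-+{
-+ return 1;
-+}
-+
-+static void *
-+sandbox_null_init(void)
- {
- struct ssh_sandbox *box;
-
-@@ -51,22 +55,29 @@
- return box;
- }
-
--void
--ssh_sandbox_child(struct ssh_sandbox *box)
-+static void
-+sandbox_null_child(void *vbox)
- {
- /* Nothing to do here */
- }
-
--void
--ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-+static void
-+sandbox_null_parent_finish(void *vbox)
- {
-- free(box);
-+ free(vbox);
- }
-
--void
--ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-+static void
-+sandbox_null_parent_preauth(void *box, pid_t child_pid)
- {
- /* Nothing to do here */
- }
-
--#endif /* SANDBOX_NULL */
-+Sandbox ssh_sandbox_null = {
-+ "null",
-+ sandbox_null_probe,
-+ sandbox_null_init,
-+ sandbox_null_child,
-+ sandbox_null_parent_finish,
-+ sandbox_null_parent_preauth
-+};
-Index: b/sandbox-rlimit.c
-===================================================================
---- a/sandbox-rlimit.c
-+++ b/sandbox-rlimit.c
-@@ -17,9 +17,12 @@
-
- #include "includes.h"
-
-+#include <sys/types.h>
-+
-+#include "ssh-sandbox.h"
-+
- #ifdef SANDBOX_RLIMIT
-
--#include <sys/types.h>
- #include <sys/param.h>
- #include <sys/time.h>
- #include <sys/resource.h>
-@@ -32,7 +35,6 @@
- #include <unistd.h>
-
- #include "log.h"
--#include "ssh-sandbox.h"
- #include "xmalloc.h"
-
- /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
-@@ -41,8 +43,14 @@
- pid_t child_pid;
- };
-
--struct ssh_sandbox *
--ssh_sandbox_init(void)
-+static int
-+sandbox_rlimit_probe(void)
-+{
-+ return 1;
-+}
-+
-+static void *
-+sandbox_rlimit_init(void)
- {
- struct ssh_sandbox *box;
-
-@@ -57,8 +65,8 @@
- return box;
- }
-
--void
--ssh_sandbox_child(struct ssh_sandbox *box)
-+static void
-+sandbox_rlimit_child(void *vbox)
- {
- struct rlimit rl_zero;
-
-@@ -77,17 +85,39 @@
- #endif
- }
-
--void
--ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-+static void
-+sandbox_rlimit_parent_finish(void *vbox)
- {
-- free(box);
-+ free(vbox);
- debug3("%s: finished", __func__);
- }
-
--void
--ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-+static void
-+sandbox_rlimit_parent_preauth(void *vbox, pid_t child_pid)
- {
-+ struct ssh_sandbox *box = vbox;
-+
- box->child_pid = child_pid;
- }
-
-+Sandbox ssh_sandbox_rlimit = {
-+ "rlimit",
-+ sandbox_rlimit_probe,
-+ sandbox_rlimit_init,
-+ sandbox_rlimit_child,
-+ sandbox_rlimit_parent_finish,
-+ sandbox_rlimit_parent_preauth
-+};
-+
-+#else /* !SANDBOX_RLIMIT */
-+
-+Sandbox ssh_sandbox_rlimit = {
-+ "rlimit",
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL
-+};
-+
- #endif /* SANDBOX_RLIMIT */
-Index: b/sandbox-seccomp-filter.c
-===================================================================
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -35,11 +35,15 @@
-
- #include "includes.h"
-
-+#include <sys/types.h>
-+
-+#include "ssh-sandbox.h"
-+
- #ifdef SANDBOX_SECCOMP_FILTER
-
--#include <sys/types.h>
- #include <sys/resource.h>
- #include <sys/prctl.h>
-+#include <sys/wait.h>
-
- #include <linux/audit.h>
- #include <linux/filter.h>
-@@ -57,7 +61,6 @@
- #include <unistd.h>
-
- #include "log.h"
--#include "ssh-sandbox.h"
- #include "xmalloc.h"
-
- /* Linux seccomp_filter sandbox */
-@@ -122,8 +125,33 @@
- pid_t child_pid;
- };
-
--struct ssh_sandbox *
--ssh_sandbox_init(void)
-+static int
-+sandbox_seccomp_filter_probe(void)
-+{
-+ int status;
-+ pid_t pid;
-+
-+ pid = fork();
-+ if (pid == -1) {
-+ fatal("fork of seccomp_filter probe child failed");
-+ } else if (pid != 0) {
-+ /* parent */
-+ while (waitpid(pid, &status, 0) < 0) {
-+ if (errno == EINTR)
-+ continue;
-+ fatal("%s: waitpid: %s", __func__, strerror(errno));
-+ }
-+ return (WIFEXITED(status) && WEXITSTATUS(status) == 0);
-+ } else {
-+ /* child */
-+ errno = 0;
-+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
-+ _exit(errno == EFAULT ? 0 : 1);
-+ }
-+}
-+
-+static void *
-+sandbox_seccomp_filter_init(void)
- {
- struct ssh_sandbox *box;
-
-@@ -143,7 +171,8 @@
- void mm_log_handler(LogLevel level, const char *msg, void *ctx);
-
- static void
--ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context)
-+sandbox_seccomp_filter_violation(int signum, siginfo_t *info,
-+ void *void_context)
- {
- char msg[256];
-
-@@ -155,7 +184,7 @@
- }
-
- static void
--ssh_sandbox_child_debugging(void)
-+sandbox_seccomp_filter_child_debugging(void)
- {
- struct sigaction act;
- sigset_t mask;
-@@ -165,7 +194,7 @@
- sigemptyset(&mask);
- sigaddset(&mask, SIGSYS);
-
-- act.sa_sigaction = &ssh_sandbox_violation;
-+ act.sa_sigaction = &sandbox_seccomp_filter_violation;
- act.sa_flags = SA_SIGINFO;
- if (sigaction(SIGSYS, &act, NULL) == -1)
- fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
-@@ -175,8 +204,8 @@
- }
- #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
-
--void
--ssh_sandbox_child(struct ssh_sandbox *box)
-+static void
-+sandbox_seccomp_filter_child(void *vbox)
- {
- struct rlimit rl_zero;
-
-@@ -193,7 +222,7 @@
- __func__, strerror(errno));
-
- #ifdef SANDBOX_SECCOMP_FILTER_DEBUG
-- ssh_sandbox_child_debugging();
-+ sandbox_seccomp_filter_child_debugging();
- #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
-
- debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
-@@ -206,17 +235,39 @@
- __func__, strerror(errno));
- }
-
--void
--ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-+static void
-+sandbox_seccomp_filter_parent_finish(void *vbox)
- {
-- free(box);
-+ free(vbox);
- debug3("%s: finished", __func__);
- }
-
--void
--ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-+static void
-+sandbox_seccomp_filter_parent_preauth(void *vbox, pid_t child_pid)
- {
-+ struct ssh_sandbox *box = vbox;
-+
- box->child_pid = child_pid;
- }
-
-+Sandbox ssh_sandbox_seccomp_filter = {
-+ "seccomp_filter",
-+ sandbox_seccomp_filter_probe,
-+ sandbox_seccomp_filter_init,
-+ sandbox_seccomp_filter_child,
-+ sandbox_seccomp_filter_parent_finish,
-+ sandbox_seccomp_filter_parent_preauth
-+};
-+
-+#else /* !SANDBOX_SECCOMP_FILTER */
-+
-+Sandbox ssh_sandbox_seccomp_filter = {
-+ "seccomp_filter",
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL
-+};
-+
- #endif /* SANDBOX_SECCOMP_FILTER */
-Index: b/sandbox-systrace.c
-===================================================================
---- a/sandbox-systrace.c
-+++ b/sandbox-systrace.c
-@@ -17,9 +17,12 @@
-
- #include "includes.h"
-
-+#include <sys/types.h>
-+
-+#include "ssh-sandbox.h"
-+
- #ifdef SANDBOX_SYSTRACE
-
--#include <sys/types.h>
- #include <sys/param.h>
- #include <sys/ioctl.h>
- #include <sys/syscall.h>
-@@ -38,7 +41,6 @@
-
- #include "atomicio.h"
- #include "log.h"
--#include "ssh-sandbox.h"
- #include "xmalloc.h"
-
- struct sandbox_policy {
-@@ -74,8 +76,14 @@
- pid_t child_pid;
- };
-
--struct ssh_sandbox *
--ssh_sandbox_init(void)
-+static int
-+sandbox_systrace_probe(void)
-+{
-+ return 1;
-+}
-+
-+static void *
-+sandbox_systrace_init(void)
- {
- struct ssh_sandbox *box;
- int s[2];
-@@ -92,9 +100,10 @@
- return box;
- }
-
--void
--ssh_sandbox_child(struct ssh_sandbox *box)
-+static void
-+sandbox_systrace_child(void *vbox)
- {
-+ struct ssh_sandbox *box = vbox;
- char whatever = 0;
-
- close(box->parent_sock);
-@@ -110,7 +119,7 @@
- }
-
- static void
--ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
-+sandbox_systrace_parent(struct ssh_sandbox *box, pid_t child_pid,
- const struct sandbox_policy *allowed_syscalls)
- {
- int dev_systrace, i, j, found;
-@@ -179,9 +188,11 @@
- close(box->parent_sock);
- }
-
--void
--ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-+static void
-+sandbox_systrace_parent_finish(void *vbox)
- {
-+ struct ssh_sandbox *box = vbox;
-+
- /* Closing this before the child exits will terminate it */
- close(box->systrace_fd);
-
-@@ -189,10 +200,32 @@
- debug3("%s: finished", __func__);
- }
-
--void
--ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-+static void
-+sandbox_systrace_parent_preauth(void *vbox, pid_t child_pid)
- {
-+ struct ssh_sandbox *box = vbox;
-+
- ssh_sandbox_parent(box, child_pid, preauth_policy);
- }
-
-+Sandbox ssh_sandbox_systrace = {
-+ "systrace",
-+ sandbox_systrace_probe,
-+ sandbox_systrace_init,
-+ sandbox_systrace_child,
-+ sandbox_systrace_parent_finish,
-+ sandbox_systrace_parent_preauth
-+};
-+
-+#else /* !SANDBOX_SYSTRACE */
-+
-+Sandbox ssh_sandbox_systrace = {
-+ "systrace",
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL,
-+ NULL
-+};
-+
- #endif /* SANDBOX_SYSTRACE */
-Index: b/sandbox.c
-===================================================================
---- /dev/null
-+++ b/sandbox.c
-@@ -0,0 +1,82 @@
-+/* $Id$ */
-+/*
-+ * Copyright (c) 2012 Colin Watson <cjwatson@debian.org>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+#include <sys/types.h>
-+
-+#include <stdlib.h>
-+#include <stdarg.h>
-+
-+#include "log.h"
-+#include "ssh-sandbox.h"
-+
-+static Sandbox *sandboxes[] = {
-+ &ssh_sandbox_systrace,
-+ &ssh_sandbox_darwin,
-+ &ssh_sandbox_seccomp_filter,
-+ &ssh_sandbox_rlimit,
-+ &ssh_sandbox_null,
-+ NULL
-+};
-+
-+static Sandbox *selected;
-+
-+static void
-+sandbox_select(void)
-+{
-+ Sandbox **sandbox;
-+
-+ if (selected)
-+ return;
-+
-+ for (sandbox = sandboxes; sandbox; sandbox++) {
-+ if ((*sandbox)->probe && (*sandbox)->probe()) {
-+ selected = *sandbox;
-+ return;
-+ }
-+ }
-+
-+ /* should never happen, as ssh_sandbox_null always succeeds */
-+ fatal("no sandbox implementation found");
-+}
-+
-+void *
-+ssh_sandbox_init(void)
-+{
-+ sandbox_select();
-+ return selected->init();
-+}
-+
-+void
-+ssh_sandbox_child(void *box)
-+{
-+ sandbox_select();
-+ return selected->child(box);
-+}
-+
-+void
-+ssh_sandbox_parent_finish(void *box)
-+{
-+ sandbox_select();
-+ return selected->parent_finish(box);
-+}
-+
-+void
-+ssh_sandbox_parent_preauth(void *box, pid_t child_pid)
-+{
-+ sandbox_select();
-+ return selected->parent_preauth(box, child_pid);
-+}
-Index: b/ssh-sandbox.h
-===================================================================
---- a/ssh-sandbox.h
-+++ b/ssh-sandbox.h
-@@ -15,9 +15,24 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
--struct ssh_sandbox;
-+typedef struct Sandbox Sandbox;
-
--struct ssh_sandbox *ssh_sandbox_init(void);
--void ssh_sandbox_child(struct ssh_sandbox *);
--void ssh_sandbox_parent_finish(struct ssh_sandbox *);
--void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
-+struct Sandbox {
-+ const char *name;
-+ int (*probe)(void);
-+ void *(*init)(void);
-+ void (*child)(void *);
-+ void (*parent_finish)(void *);
-+ void (*parent_preauth)(void *, pid_t);
-+};
-+
-+void *ssh_sandbox_init(void);
-+void ssh_sandbox_child(void *);
-+void ssh_sandbox_parent_finish(void *);
-+void ssh_sandbox_parent_preauth(void *, pid_t);
-+
-+extern Sandbox ssh_sandbox_systrace;
-+extern Sandbox ssh_sandbox_darwin;
-+extern Sandbox ssh_sandbox_seccomp_filter;
-+extern Sandbox ssh_sandbox_rlimit;
-+extern Sandbox ssh_sandbox_null;
-Index: b/sshd.c
-===================================================================
---- a/sshd.c
-+++ b/sshd.c
-@@ -631,7 +631,7 @@
- {
- int status;
- pid_t pid;
-- struct ssh_sandbox *box = NULL;
-+ void *box = NULL;
-
- /* Set up unprivileged child process to deal with network data */
- pmonitor = monitor_init();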