Diffstat (limited to 'sandbox-rlimit.c')
-rw-r--r--sandbox-rlimit.c54
1 files changed, 13 insertions, 41 deletions
diff --git a/sandbox-rlimit.c b/sandbox-rlimit.c
index bfd1d446e..a00386337 100644
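--- a/sandbox-rlimit.c
+++ b/sandbox-rlimit.c
@@ -17,12 +17,9 @@
 
 #include "includes.h"
 
-#include <sys/types.h>
-
-#include "ssh-sandbox.h"
-
 #ifdef SANDBOX_RLIMIT
 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/resource.h>
@@ -35,6 +32,7 @@
 #include <unistd.h>
 
 #include "log.h"
+#include "ssh-sandbox.h"
 #include "xmalloc.h"
 
 /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
@@ -43,14 +41,8 @@ struct ssh_sandbox {
  pid_t child_pid;
 };
 
-static int
-sandbox_rlimit_probe(void)
-{
- return 1;
-}
-
-static void *
-sandbox_rlimit_init(void)
+struct ssh_sandbox *
+ssh_sandbox_init(void)
 {
  struct ssh_sandbox *box;
 
@@ -65,16 +57,18 @@ sandbox_rlimit_init(void)
  return box;
 }
 
-static void
-sandbox_rlimit_child(void *vbox)
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
 {
  struct rlimit rl_zero;
 
  rl_zero.rlim_cur = rl_zero.rlim_max = 0;
 
+#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
  if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
  fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
  __func__, strerror(errno));
+#endif
  if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
  fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
  __func__, strerror(errno));
@@ -85,39 +79,17 @@ sandbox_rlimit_child(void *vbox)
 #endif
 }
 
-static void
-sandbox_rlimit_parent_finish(void *vbox)
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
 {
- free(vbox);
+ free(box);
  debug3("%s: finished", __func__);
 }
 
-static void
-sandbox_rlimit_parent_preauth(void *vbox, pid_t child_pid)
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
 {
- struct ssh_sandbox *box = vbox;
-
  box->child_pid = child_pid;
 }
 
-Sandbox ssh_sandbox_rlimit = {
- "rlimit",
- sandbox_rlimit_probe,
- sandbox_rlimit_init,
- sandbox_rlimit_child,
- sandbox_rlimit_parent_finish,
- sandbox_rlimit_parent_preauth
-};
-
-#else /* !SANDBOX_RLIMIT */
-
-Sandbox ssh_sandbox_rlimit = {
- "rlimit",
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
-};
-
 #endif /* SANDBOX_RLIMIT */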
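Review bot: The new `#ifndef SANDBOX_SKIP_RLIMIT_FSIZE` guard in ssh_sandbox_child() (new lines 67–71) drops the zero file-size limit without a comment or log line, so a build with that macro defined confines the child less than the file's header comment ("sets zero nfiles, nprocs and filesize rlimits") states. Nothing on this page shows where the macro is defined or why, so the guard should carry a comment such as `/* Some platforms cannot run with RLIMIT_FSIZE = 0; the child can then still grow files through descriptors it already holds. */`. An `#else` branch with `debug3("%s: RLIMIT_FSIZE not applied", __func__);` would make the reduced confinement visible at runtime. RLIMIT_NOFILE still stops new descriptors from being opened, so the remaining exposure is presumably limited to inherited descriptors, which is worth stating next to the guard. The tail of ssh_sandbox_child() lies between the fourth and fifth hunks and is not shown here.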