summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-08-06 - tedu@cvs.openbsd.org 2011/07/06 18:09:21Damien Miller
[authfd.c] bzero the agent address. the kernel was for a while very cranky about these things. evne though that's fixed, always good to initialize memory. ok deraadt djm
2011-08-06 - djm@cvs.openbsd.org 2011/06/23 23:35:42Damien Miller
[monitor.c] ignore EINTR errors from poll()
2011-06-27 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox forDamien Miller
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/23 09:34:13Damien Miller
[sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] [sandbox-null.c] rename sandbox.h => ssh-sandbox.h to make things easier for portable
2011-06-23 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't supportDamien Miller
setrlimit(2)
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 22:08:42Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user then requested X11 forwarding was refused by the server; ok markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 21:57:01Damien Miller
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@
2011-06-23 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/06/22 21:47:28 [servconf.c] reuse the multistate option arrays to pretty-print options for "sshd -T"
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:57:25Damien Miller
[clientloop.c] setproctitle for a mux master that has been gracefully stopped; bz#1911 from Bert.Wesarg AT googlemail.com
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:47:35Damien Miller
[servconf.c] factor out multi-choice option parsing into a parse_multistate label and some support structures; ok dtucker@
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:46:16Damien Miller
[sftp-server.c] the protocol version should be unsigned; bz#1913 reported by mb AT smartftp.com
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:44:31Damien Miller
[log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
2011-06-20 - markus@cvs.openbsd.org 2011/06/14 22:49:18Damien Miller
[authfile.c] make sure key_parse_public/private_rsa1() no longer consumes its input buffer. fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@
2011-06-20 - djm@cvs.openbsd.org 2011/06/04 00:10:26Damien Miller
[ssh_config.5] explain IdentifyFile's semantics a little better, prompted by bz#1898 ok dtucker jmc
2011-06-02 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.Tim Rice
2011-06-03 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52Darren Tucker
[regress/dynamic-forward.sh] Retry establishing the port forwarding after a small delay, should make the tests less flaky when the previous test is slow to shut down and free up the port.
2011-06-03 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34Darren Tucker
[regress/dynamic-forward.sh] work around startup and teardown races; caught by deraadt
2011-06-03 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58Darren Tucker
[regress/dynamic-forward.sh] back out revs 1.6 and 1.5 since it's not reliable
2011-06-03 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40Darren Tucker
[ssh-agent.c] Check current parent process ID against saved one to determine if the parent has exited, rather than attempting to send a zero signal, since the latter won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn Gillmor, ok djm@
2011-06-03 - (djm) [configure.ac] enable setproctitle emulation for OS XDamien Miller
2011-06-03 - djm@cvs.openbsd.org 2011/06/03 00:54:38Damien Miller
[ssh.c] bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg AT googlemail.com; ok dtucker@ NB. includes additional portability code to enable setproctitle emulation on platforms that don't support it.
2011-06-03add missing changelog entryDarren Tucker
2011-06-03Remove the !HAVE_SOCKETPAIR case. We use socketpair unconditionally in otherDarren Tucker
places and the survey data we have does not show any systems that use it. "nuke it" djm@
2011-06-02 - (tim) [configure.ac defines.h] Run test program to detect system mailTim Rice
directory. Add --with-maildir option to override. Fixed OpenServer 6 getting it wrong. Fixed many systems having MAIL=/var/mail//username ok dtucker
2011-06-03 - (dtucker) [README version.h contrib/caldera/openssh.specDarren Tucker
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version bumps from the 5.8p2 branch into HEAD. ok djm.
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:31:31Damien Miller
[regress/cfgmatch.sh] include testing of multiple/overridden AuthorizedKeysFiles refactor to simply daemon start/stop and get rid of racy constructs
2011-05-29 - djm@cvs.openbsd.org 2011/05/24 07:15:47Damien Miller
[readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] Remove undocumented legacy options UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile accept multiple paths per line and making their defaults include known_hosts2; ok markus
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 07:24:57Damien Miller
[authfile.c] read in key comments for v.2 keys (though note that these are not passed over the agent protocol); bz#439, based on patch from binder AT arago.de; ok markus@
2011-05-29 - jmc@cvs.openbsd.org 2011/05/23 07:10:21Damien Miller
[sshd.8 sshd_config.5] tweak previous; ok djm
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:52:55Damien Miller
[sshconnect.c] remove extra newline
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:33:38Damien Miller
[auth.c] make secure_filename() spam debug logs less
2011-05-29OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/23 03:30:07 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entierly :) feedback and ok markus@ dtucker@
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30Damien Miller
[dynamic-forward.sh] fix dumb error in dynamic-forward test
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50Damien Miller
[dynamic-forward.sh] Prevent races in dynamic forwarding test; ok djm
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 02:43:36Damien Miller
[cert-hostkey.sh] another attempt to generate a v00 ECDSA key that broke the test ID sync only - portable already had this somehow
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[regress/cert-userkey.sh] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 03:25:45Damien Miller
[monitor.c monitor_wrap.c servconf.c servconf.h] use a macro to define which string options to copy between configs for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19Damien Miller
[servconf.c] Add comment documenting what should be after the preauth check. ok djm
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 00:55:02Damien Miller
[servconf.c] the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile and AuthorizedPrincipalsFile were not being correctly applied in Match blocks, despite being overridable there; ok dtucker@
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[key.c] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/15 08:09:01 [authfd.c monitor.c serverloop.c] use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2Damien Miller
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [session.c] call setexeccon() before executing passwd for pwDamien Miller
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2011-05-15 - (djm) [packet.c] unbreak portability #endifDamien Miller
2011-05-15 - djm@cvs.openbsd.org 2011/05/13 00:05:36Damien Miller
[authfile.c] warn on unexpected key type in key_parse_private_type()
2011-05-15 - djm@cvs.openbsd.org 2011/05/11 04:47:06Damien Miller
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/10 05:46:46Damien Miller
[authfile.c] despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/08 12:52:01Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c] improve our behaviour when TTY allocation fails: if we are in RequestTTY=auto mode (the default), then do not treat at TTY allocation error as fatal but rather just restore the local TTY to cooked mode and continue. This is more graceful on devices that never allocate TTYs. If RequestTTY is set to "yes" or "force", then failure to allocate a TTY is fatal. ok markus@