| Age | Commit message (Collapse) | Author |
|---|
|
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
|
|
Kevin Brott.
|
|
to use Solaris native GSS libs. Patch from Pierre Ossman.
|
|
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
|
|
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
|
|
libgss too. Patch from Pierre Ossman, ok djm.
|
|
ssh(1) since they're not needed. Patch from Pierre Ossman.
|
|
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
|
|
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
|
|
libcrypto that lacks EVP_CIPHER_CTX_ctrl
|
|
__attribute__ on return values and work around if necessary. ok djm@
|
|
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
|
|
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
|
|
compat code for older OpenSSL
|
|
for us.
|
|
debugging. ok dtucker@
|
|
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
esperi.org.uk; ok dtucker@
|
|
platforms that don't have it. "looks good" tim@
|
|
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
benefit is minor, so it's not worth disabling the sandbox if it doesn't
work.
|
|
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
|
|
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
|
|
from cjwatson at debian org.
|
|
to fix building on some plaforms. Fom bowman at math utah edu and
des at des no.
|
|
contains openpty() but not login()
|
|
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
|
|
audit breakage in Solaris 11. Patch from Magnus Johansson.
|
|
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
|
|
|
|
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
|
|
|
|
openbsd-compat/strnlen.c] Add strnlen to the compat library.
|
|
from des AT des.no
|
|
|
|
an explicitly requested sandbox type
|
|
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
markus@
|
|
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
[sandbox-systrace.c sandbox.h configure.ac Makefile.in]
introduce sandboxing of the pre-auth privsep child using systrace(4).
This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.
The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.
UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.
feedback dtucker@; ok markus@
|
|
|
|
directory. Add --with-maildir option to override. Fixed OpenServer 6
getting it wrong. Fixed many systems having MAIL=/var/mail//username
ok dtucker
|
|
options, we should corresponding -W-option when trying to determine
whether it is accepted. Also includes a warning fix on the program
fragment uses (bad main() return type).
bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
|
|
so autoreconf 2.68 is happy.
|
|
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
|
|
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
|
|
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
|
|
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
|
|
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
|
|
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
|
|
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
|
|
on configurations that don't have it.
|
|
ecdsa keys. ok djm.
|
|
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
|
