[Bug 2140] Capsicum support for FreeBSD 10 (-current)
bugzilla-daemon at mindrot.org
Sun Oct 13 17:50:59 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2140
--- Comment #3 from Loganaden Velvindron <loganaden at gmail.com> ---
(In reply to Damien Miller from comment #1)
> Comment on attachment 2326 [details]
> openssh-capsicum
>
> Looks good - a couple of small things.
>
> >Index: sandbox-capsicum.c
> >===================================================================
> >RCS file: sandbox-capsicum.c
> >diff -N sandbox-capsicum.c
> >--- /dev/null 1 Jan 1970 00:00:00 -0000
> >+++ sandbox-capsicum.c 7 Aug 2013 19:39:21 -0000
> >@@ -0,0 +1,90 @@
> >+
>
> Please add a license block here.
> http://www.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=1.3;content-type=text%2Fplain
> is our preferred one.
The diff is based on an older patch for OpenSSH written by des at freebsd.
http://people.freebsd.org/~pjd/patches/openssh-capsicum.patch
I added his copyright.
>
> >+/* Capsicum sandbox that sets zero nfiles, nprocs and filesize rlimits,
> >+ * limits file descriptors on monitoring object,
> >+ * and switches to capability mode
> >+*/
>
> Minor style nit. The first line of a multiline comment should be
> "/*" by itself.
Corrected.
> The last line's '*' should be aligned to the previous line's (i.e.
> add a space at the start of the line).
>
> >+struct ssh_sandbox {
> >+ struct monitor *monitor;
>
> This isn't used and can be removed.
>
> >+extern struct monitor *pmonitor;
>
> This can go too.
>
> >+ box->monitor = pmonitor;
>
> and this.
>
Removed and tested on FreeBSD 10 ALPHA.
>
> >+ if (cap_rights_limit(box->monitor->m_recvfd, CAP_READ | CAP_WRITE) == -1)
> >+ fatal("%s: failed to limit the network socket", __func__);
> >+ if (cap_rights_limit(box->monitor->m_log_sendfd, CAP_WRITE) == -1)
> >+ fatal("%s: failed to limit the logging socket", __func__);
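Review bot: both cap_rights_limit() calls reach their descriptors through box->monitor (box->monitor->m_recvfd and box->monitor->m_log_sendfd), so they depend on the monitor member and the box->monitor = pmonitor assignment quoted above; if those are removed as requested, these two calls need another source for the descriptors or they will no longer compile. The fatal() messages also drop the reason for the failure; appending strerror(errno) would show why cap_rights_limit() returned -1.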
>
> Are there any other fds open at this point? How about 0, 1 and 2 -
> could they be limited?
Yep, we can limit them completely.
No read and write possible on 0,1 & 2.