[openssh-commits] CVS: fuyu.mindrot.org: openssh

[Damien Miller]

CVSROOT:        /var/cvs
Module name:    openssh
Changes by:     djm at fuyu.mindrot.org 11/06/23 08:30:03

Modified files:
    .               : ChangeLog Makefile.in configure.ac servconf.c servconf.h sshd.c sshd_config.5
Added files:
    .               : sandbox-rlimit.c sandbox-systrace.c sandbox.h

Log message:
   - djm at cvs.openbsd.org 2011/06/22 21:57:01
     [servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).
     
     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.
     
     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.
     
     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.
     
     feedback dtucker@; ok markus@

Diff commands:
cvs -nQq rdiff -u -r1.5908 -r1.5909 openssh/ChangeLog
cvs -nQq rdiff -u -r1.322 -r1.323 openssh/Makefile.in
cvs -nQq rdiff -u -r1.476 -r1.477 openssh/configure.ac
cvs -nQq rdiff -u -r1.218 -r1.219 openssh/servconf.c
cvs -nQq rdiff -u -r1.90 -r1.91 openssh/servconf.h
cvs -nQq rdiff -u -r1.405 -r1.406 openssh/sshd.c
cvs -nQq rdiff -u -r1.140 -r1.141 openssh/sshd_config.5

ViewVC:
http://anoncvs.mindrot.org/index.cgi/openssh/ChangeLog?r1=1.5908;r2=1.5909&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/Makefile.in?r1=1.322;r2=1.323&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/configure.ac?r1=1.476;r2=1.477&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/servconf.c?r1=1.218;r2=1.219&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/servconf.h?r1=1.90;r2=1.91&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/sshd.c?r1=1.405;r2=1.406&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/sshd_config.5?r1=1.140;r2=1.141&view=patch

Please note that there may be a delay before commits are available
on the public ViewVC site.