[openssh-commits] [openssh] 01/03: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Oct 14 03:22:29 AEDT 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date:   Fri Oct 9 01:37:08 2015 +0000

    upstream commit
    
    Change all tame callers to use the new name, pledge(2).
    
    Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
---
 Makefile.in                        |  2 +-
 configure.ac                       | 16 ++++++++--------
 sandbox-tame.c => sandbox-pledge.c |  8 ++++----
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 8305cec..1a432d2 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -110,7 +110,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	sftp-server.o sftp-common.o \
 	roaming_common.o roaming_serv.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-tame.o
+	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o
 
 MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
diff --git a/configure.ac b/configure.ac
index 1693cfa..346a90c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -854,7 +854,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
 	    [syslog_r function is safe to use in in a signal handler])
 	TEST_MALLOC_OPTIONS="AFGJPRX"
-	AC_CHECK_FUNCS([tame])
+	AC_CHECK_FUNCS([pledge])
 	;;
 *-*-solaris*)
 	if test "x$withval" != "xno" ; then
@@ -2998,7 +2998,7 @@ fi
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
-	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, tame)],
+	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
 	[
 		if test "x$withval" = "xyes" ; then
 			sandbox_arg=""
@@ -3094,12 +3094,12 @@ AC_RUN_IFELSE(
 	[AC_MSG_WARN([cross compiling: assuming yes])]
 )
 
-if test "x$sandbox_arg" = "xtame" || \
-   ( test -z "$sandbox_arg" && test "x$ac_cv_func_tame" = "xyes" ) ; then
-	test "x$ac_cv_func_tame" != "xyes" && \
-		AC_MSG_ERROR([tame sandbox requires tame(2) support])
-	SANDBOX_STYLE="tame"
-	AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using tame(2)])
+if test "x$sandbox_arg" = "xpledge" || \
+   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
+	test "x$ac_cv_func_pledge" != "xyes" && \
+		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
+	SANDBOX_STYLE="pledge"
+	AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using pledge(2)])
 elif test "x$sandbox_arg" = "xsystrace" || \
    ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
 	test "x$have_systr_policy_kill" != "x1" && \
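Review bot: The `AC_DEFINE` in the renamed branch still emits `SANDBOX_TAME`, so the preprocessor symbol is the one identifier left under the old name while the style string, the function check and the description all say pledge. The guard in sandbox-pledge.c is not visible in this diff; if it still tests `SANDBOX_TAME` the build is unaffected, but the stale name makes it easy for a later rename of only one side to leave the two out of step. I would rename both together, `AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])` with a matching `#ifdef SANDBOX_PLEDGE` in sandbox-pledge.c, or at least add a comment such as `# SANDBOX_TAME kept until the guard in sandbox-pledge.c is renamed`. The if/elif chain continues past the end of the hunk.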
diff --git a/sandbox-tame.c b/sandbox-pledge.c
similarity index 89%
rename from sandbox-tame.c
rename to sandbox-pledge.c
index daa3f3a..1d3e247 100644
--- a/sandbox-tame.c
+++ b/sandbox-pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-tame.c,v 1.2 2015/10/02 15:52:55 deraadt Exp $ */
+/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
 /*
  * Copyright (c) 2015 Theo de Raadt <deraadt at openbsd.org>
  *
@@ -46,7 +46,7 @@ ssh_sandbox_init(struct monitor *m)
 {
 	struct ssh_sandbox *box;
 
-	debug3("%s: preparing tame sandbox", __func__);
+	debug3("%s: preparing pledge sandbox", __func__);
 	box = xcalloc(1, sizeof(*box));
 	box->child_pid = 0;
 
@@ -56,8 +56,8 @@ ssh_sandbox_init(struct monitor *m)
 void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
-	if (tame("stdio", NULL) == -1)
-		fatal("%s: tame()", __func__);
+	if (pledge("stdio", NULL) == -1)
+		fatal("%s: pledge()", __func__);
 }
 
 void
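Review bot: The failure path in ssh_sandbox_child, `fatal("%s: pledge()", __func__);`, discards errno, so the log cannot distinguish a kernel without pledge(2) from a rejected promise string. Since this call is what confines the unprivileged child to "stdio", the reason it failed is worth recording: `fatal("%s: pledge(): %s", __func__, strerror(errno));`, assuming <errno.h> and <string.h> are already included in the part of the file outside the diff. A one-line comment above the call, such as `/* confine the privsep child to the "stdio" promise; failure is fatal so it never runs unconfined */`, would also document the intent.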
