[openssh-commits] [openssh] 01/01: Extend select+rlimit sanbox test to include poll.

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Feb 22 15:39:46 AEDT 2022 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit bc16667b4a1c3cad7029304853c143a32ae04bd4
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Tue Feb 22 15:29:22 2022 +1100

    Extend select+rlimit sanbox test to include poll.
    
    POSIX specifies that poll() shall fail if "nfds argument is greater
    than {OPEN_MAX}".  The setrlimit sandbox sets this to effectively zero
    so this causes poll() to fail in the preauth privsep process.
    
    This is likely the underlying cause for the previously observed similar
    behaviour of select() on plaforms where it is implement in userspace on
    top of poll().
---
 configure.ac | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index eb2872c6..17fb1e60 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3518,10 +3518,11 @@ AC_ARG_WITH([sandbox],
 	]
 )
 
-# Some platforms (seems to be the ones that have a kernel poll(2)-type
-# function with which they implement select(2)) use an extra file descriptor
-# when calling select(2), which means we can't use the rlimit sandbox.
-AC_MSG_CHECKING([if select works with descriptor rlimit])
+# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
+# is greater than OPEN_MAX".  On some platforms that includes implementions
+# ofselect in userspace on top of poll() so check both work with rlimit NOFILES
+# so check that both work before enabling the rlimit sandbox.
+AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
 AC_RUN_IFELSE(
 	[AC_LANG_PROGRAM([[
 #include <sys/types.h>
@@ -3532,6 +3533,11 @@ AC_RUN_IFELSE(
 #ifdef HAVE_SYS_SELECT_H
 # include <sys/select.h>
 #endif
+#ifdef HAVE_POLL_H
+# include <poll.h>
+#elif HAVE_SYS_POLL_H
+# include <sys/poll.h>
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <stdlib.h>
@@ -3540,6 +3546,9 @@ AC_RUN_IFELSE(
 	int fd, r;
 	fd_set fds;
 	struct timeval tv;
+#ifdef HAVE_POLL
+	struct pollfd pfd;
+#endif
 
 	fd = open("/dev/null", O_RDONLY);
 	FD_ZERO(&fds);
@@ -3550,7 +3559,16 @@ AC_RUN_IFELSE(
 	tv.tv_sec = 1;
 	tv.tv_usec = 0;
 	r = select(fd+1, &fds, NULL, NULL, &tv);
-	exit (r == -1 ? 1 : 0);
+	if (r == -1)
+		exit(1);
+#ifdef HAVE_POLL
+	pfd.fd = fd;
+	pfd.events = POLLIN;
+	r = poll(&pfd, 1, 1);
+	if (r == -1)
+		exit(2);
+#endif
+	exit(0);
 	]])],
 	[AC_MSG_RESULT([yes])
 	 select_works_with_rlimit=yes],

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list