Call for testing: OpenSSH-6.2
Darren Tucker
dtucker at zip.com.au
Wed Mar 6 15:25:45 EST 2013
On Wed, Mar 6, 2013 at 2:57 PM, Darren Tucker <dtucker at zip.com.au> wrote:
> ssh_sandbox_child: setrlimit(RLIMIT_NOFILE, { 0, 0 }): Invalid
> argument [preauth]
>
> so, setrlimit is the problem, but only for
> UsePrivilegeSeparation=sandbox. Not sure why though (or, for that
> matter, why the test in configure didn't catch it).
It's a different problem to what's in the configure test. It looks
like HP-UX does not allow you to set RLIMIT_NOFILE below the number of
descriptors you currently have open.
With this little test program:
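#include <sys/types.h>
#include <sys/resource.h>
#include <errno.h>
#include <stdio.h>	/* printf */
#include <stdlib.h>
#include <string.h>	/* strerror */

int main(void)
{
	int i, r;
	struct rlimit rl;

	/* Lower the descriptor limit one step at a time, from 5 down to 0. */
	for (i = 5; i >= 0; i--) {
		rl.rlim_cur = rl.rlim_max = i;
		r = setrlimit(RLIMIT_NOFILE, &rl);
		/* Report whether each limit was accepted, and errno if not. */
		printf("%d %s %s\n", i, r == 0 ? "ok" : "fail",
		    r == 0 ? "" : strerror(errno));
	}
	return 0;
}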
I get it starting to fail at 2, and if I add a "close(2)" at the top it
then fails at 1. This makes it effectively useless for the sandbox,
since there's nothing to stop a compromised slave recycling
descriptors. I'll look at adding a test for that and set SANDBOX_NULL
in that case.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
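
Added example, not part of the original message and not OpenSSH's configure test: one way to probe for the behaviour described above, by holding a descriptor open, asking for RLIMIT_NOFILE of 0, and then checking that a freed slot cannot be reused. The function names and result codes are made up for this example.

```c
#include <sys/types.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Result codes are names made up for this example, not OpenSSH's. */
enum { NOFILE_ZERO_ENFORCED, NOFILE_ZERO_REJECTED,
       NOFILE_ZERO_NOT_ENFORCED, NOFILE_PROBE_ERROR };

/* Runs in a forked child so the caller's own limit is left alone. */
static int child_probe(void)
{
	struct rlimit rl;
	int fd;

	/* Hold a descriptor open, as a process entering a sandbox would. */
	if ((fd = open("/dev/null", O_RDONLY)) == -1)
		return NOFILE_PROBE_ERROR;
	rl.rlim_cur = rl.rlim_max = 0;
	if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
		return NOFILE_ZERO_REJECTED;	/* behaviour reported for HP-UX */
	/* Recycling check: free a slot, then ask for new descriptors. */
	close(fd);
	if (open("/dev/null", O_RDONLY) != -1 || dup(STDIN_FILENO) != -1)
		return NOFILE_ZERO_NOT_ENFORCED;
	return NOFILE_ZERO_ENFORCED;
}

int probe_nofile_zero(void)
{
	pid_t pid;
	int status;
	if ((pid = fork()) == -1)
		return NOFILE_PROBE_ERROR;
	if (pid == 0)
		_exit(child_probe());
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return NOFILE_PROBE_ERROR;
	return WEXITSTATUS(status);
}

int main(void)
{
	int r = probe_nofile_zero();
	printf("RLIMIT_NOFILE=0 probe result: %d\n", r);
	return r;	/* nonzero: do not rely on the rlimit sandbox */
}
```

A nonzero exit status is the case where the message proposes setting SANDBOX_NULL.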