Rivoreo Source Code Repositories
src.rivoreo.one / security / openssh-library / 69ff1df952eebf0489b775a60ede094eaf596a05
commit69ff1df952eebf0489b775a60ede094eaf596a05[log] [download]
authorDamien Miller <djm@mindrot.org>Thu Jun 23 08:30:03 2011 +1000
committerDamien Miller <djm@mindrot.org>Thu Jun 23 08:30:03 2011 +1000
tree6eb76b4632b7c131e0fbb52d8ce7cccf658b6bfa
parent82c558761d0fa42dc954d62812b9e4b4a94f64bd [diff]
   - djm@cvs.openbsd.org 2011/06/22 21:57:01
     [servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).

     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.

     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.

     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.

     feedback dtucker@; ok markus@
10 files changed
tree: 6eb76b4632b7c131e0fbb52d8ce7cccf658b6bfa
  1. .cvsignore
  2. CREDITS
  3. ChangeLog
  4. INSTALL
  5. LICENCE
  6. Makefile.in
  7. OVERVIEW
  8. PROTOCOL
  9. PROTOCOL.agent
  10. PROTOCOL.certkeys
  11. PROTOCOL.mux
  12. README
  13. README.dns
  14. README.platform
  15. README.privsep
  16. README.tun
  17. TODO
  18. aclocal.m4
  19. acss.c
  20. acss.h
  21. addrmatch.c
  22. atomicio.c
  23. atomicio.h
  24. audit-bsm.c
  25. audit-linux.c
  26. audit.c
  27. audit.h
  28. auth-bsdauth.c
  29. auth-chall.c
  30. auth-krb5.c
  31. auth-options.c
  32. auth-options.h
  33. auth-pam.c
  34. auth-pam.h
  35. auth-passwd.c
  36. auth-rh-rsa.c
  37. auth-rhosts.c
  38. auth-rsa.c
  39. auth-shadow.c
  40. auth-sia.c
  41. auth-sia.h
  42. auth-skey.c
  43. auth.c
  44. auth.h
  45. auth1.c
  46. auth2-chall.c
  47. auth2-gss.c
  48. auth2-hostbased.c
  49. auth2-jpake.c
  50. auth2-kbdint.c
  51. auth2-none.c
  52. auth2-passwd.c
  53. auth2-pubkey.c
  54. auth2.c
  55. authfd.c
  56. authfd.h
  57. authfile.c
  58. authfile.h
  59. bufaux.c
  60. bufbn.c
  61. bufec.c
  62. buffer.c
  63. buffer.h
  64. buildpkg.sh.in
  65. canohost.c
  66. canohost.h
  67. channels.c
  68. channels.h
  69. cipher-3des1.c
  70. cipher-acss.c
  71. cipher-aes.c
  72. cipher-bf1.c
  73. cipher-ctr.c
  74. cipher.c
  75. cipher.h
  76. cleanup.c
  77. clientloop.c
  78. clientloop.h
  79. compat.c
  80. compat.h
  81. compress.c
  82. compress.h
  83. config.guess
  84. config.sub
  85. configure.ac
  86. contrib/
  87. crc32.c
  88. crc32.h
  89. deattack.c
  90. deattack.h
  91. defines.h
  92. dh.c
  93. dh.h
  94. dispatch.c
  95. dispatch.h
  96. dns.c
  97. dns.h
  98. entropy.c
  99. entropy.h
  100. fatal.c
  101. fixpaths
  102. fixprogs
  103. groupaccess.c
  104. groupaccess.h
  105. gss-genr.c
  106. gss-serv-krb5.c
  107. gss-serv.c
  108. hostfile.c
  109. hostfile.h
  110. includes.h
  111. install-sh
  112. jpake.c
  113. jpake.h
  114. kex.c
  115. kex.h
  116. kexdh.c
  117. kexdhc.c
  118. kexdhs.c
  119. kexecdh.c
  120. kexecdhc.c
  121. kexecdhs.c
  122. kexgex.c
  123. kexgexc.c
  124. kexgexs.c
  125. key.c
  126. key.h
  127. log.c
  128. log.h
  129. loginrec.c
  130. loginrec.h
  131. logintest.c
  132. mac.c
  133. mac.h
  134. match.c
  135. match.h
  136. md-sha256.c
  137. md5crypt.c
  138. md5crypt.h
  139. mdoc2man.awk
  140. misc.c
  141. misc.h
  142. mkinstalldirs
  143. moduli
  144. moduli.5
  145. moduli.c
  146. monitor.c
  147. monitor.h
  148. monitor_fdpass.c
  149. monitor_fdpass.h
  150. monitor_mm.c
  151. monitor_mm.h
  152. monitor_wrap.c
  153. monitor_wrap.h
  154. msg.c
  155. msg.h
  156. mux.c
  157. myproposal.h
  158. nchan.c
  159. nchan.ms
  160. nchan2.ms
  161. openbsd-compat/
  162. openssh.xml.in
  163. opensshd.init.in
  164. packet.c
  165. packet.h
  166. pathnames.h
  167. pkcs11.h
  168. platform.c
  169. platform.h
  170. progressmeter.c
  171. progressmeter.h
  172. readconf.c
  173. readconf.h
  174. readpass.c
  175. regress/
  176. rijndael.c
  177. rijndael.h
  178. roaming.h
  179. roaming_client.c
  180. roaming_common.c
  181. roaming_dummy.c
  182. roaming_serv.c
  183. rsa.c
  184. rsa.h
  185. sandbox-rlimit.c
  186. sandbox-systrace.c
  187. sandbox.h
  188. scard/
  189. schnorr.c
  190. schnorr.h
  191. scp.1
  192. scp.c
  193. servconf.c
  194. servconf.h
  195. serverloop.c
  196. serverloop.h
  197. session.c
  198. session.h
  199. sftp-client.c
  200. sftp-client.h
  201. sftp-common.c
  202. sftp-common.h
  203. sftp-glob.c
  204. sftp-server-main.c
  205. sftp-server.8
  206. sftp-server.c
  207. sftp.1
  208. sftp.c
  209. sftp.h
  210. ssh-add.1
  211. ssh-add.c
  212. ssh-agent.1
  213. ssh-agent.c
  214. ssh-dss.c
  215. ssh-ecdsa.c
  216. ssh-gss.h
  217. ssh-keygen.1
  218. ssh-keygen.c
  219. ssh-keyscan.1
  220. ssh-keyscan.c
  221. ssh-keysign.8
  222. ssh-keysign.c
  223. ssh-pkcs11-client.c
  224. ssh-pkcs11-helper.8
  225. ssh-pkcs11-helper.c
  226. ssh-pkcs11.c
  227. ssh-pkcs11.h
  228. ssh-rsa.c
  229. ssh.1
  230. ssh.c
  231. ssh.h
  232. ssh1.h
  233. ssh2.h
  234. ssh_config
  235. ssh_config.5
  236. sshconnect.c
  237. sshconnect.h
  238. sshconnect1.c
  239. sshconnect2.c
  240. sshd.8
  241. sshd.c
  242. sshd_config
  243. sshd_config.5
  244. sshlogin.c
  245. sshlogin.h
  246. sshpty.c
  247. sshpty.h
  248. sshtty.c
  249. survey.sh.in
  250. ttymodes.c
  251. ttymodes.h
  252. uidswap.c
  253. uidswap.h
  254. umac.c
  255. umac.h
  256. uuencode.c
  257. uuencode.h
  258. version.h
  259. xmalloc.c
  260. xmalloc.h