[src/trunk]: src/crypto/external/bsd/openssh/dist new openssh:

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/crypto/external/bsd/openssh/dist new openssh:
From: christos <christos%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 21:09:46 +0000
details:   https://anonhg.NetBSD.org/src/rev/e21a375a729a
branches:  trunk
changeset: 769355:e21a375a729a
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Sep 06 20:17:08 2011 +0000

description:
new openssh:
See http://www.openssh.com/txt/release-5.9

diffstat:

 crypto/external/bsd/openssh/dist/sandbox-rlimit.c   |   87 +++++++++
 crypto/external/bsd/openssh/dist/sandbox-systrace.c |  192 ++++++++++++++++++++
 crypto/external/bsd/openssh/dist/ssh-sandbox.h      |   23 ++
 3 files changed, 302 insertions(+), 0 deletions(-)

diffs (truncated from 314 to 300 lines):

diff -r d5e48e0f1d36 -r e21a375a729a crypto/external/bsd/openssh/dist/sandbox-rlimit.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/sandbox-rlimit.c Tue Sep 06 20:17:08 2011 +0000
@@ -0,0 +1,87 @@
+/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm%mindrot.org@localhost>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
+
+struct ssh_sandbox {
+       pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+       struct ssh_sandbox *box;
+
+       /*
+        * Strictly, we don't need to maintain any state here but we need
+        * to return non-NULL to satisfy the API.
+        */
+       debug3("%s: preparing rlimit sandbox", __func__);
+       box = xcalloc(1, sizeof(*box));
+       box->child_pid = 0;
+
+       return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+       struct rlimit rl_zero;
+
+       rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+
+       if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+               fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+                       __func__, strerror(errno));
+       if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+               fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+                       __func__, strerror(errno));
+       if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+               fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+                       __func__, strerror(errno));
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+       free(box);
+       debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+       box->child_pid = child_pid;
+       /* Nothing to do here */
+}
+
diff -r d5e48e0f1d36 -r e21a375a729a crypto/external/bsd/openssh/dist/sandbox-systrace.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/sandbox-systrace.c       Tue Sep 06 20:17:08 2011 +0000
@@ -0,0 +1,192 @@
+/* $OpenBSD: sandbox-systrace.c,v 1.4 2011/07/29 14:42:45 djm Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm%mindrot.org@localhost>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/syscall.h>
+#include <sys/socket.h>
+
+#include <dev/systrace.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "atomicio.h"
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+struct sandbox_policy {
+       int syscall;
+       int action;
+};
+
+/* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */
+static const struct sandbox_policy preauth_policy[] = {
+       { SYS_open, SYSTR_POLICY_NEVER },
+
+       { SYS___sysctl, SYSTR_POLICY_PERMIT },
+       { SYS_close, SYSTR_POLICY_PERMIT },
+       { SYS_exit, SYSTR_POLICY_PERMIT },
+       { SYS_getpid, SYSTR_POLICY_PERMIT },
+       { SYS_gettimeofday, SYSTR_POLICY_PERMIT },
+       { SYS_madvise, SYSTR_POLICY_PERMIT },
+       { SYS_mmap, SYSTR_POLICY_PERMIT },
+       { SYS_mprotect, SYSTR_POLICY_PERMIT },
+       { SYS_poll, SYSTR_POLICY_PERMIT },
+       { SYS_munmap, SYSTR_POLICY_PERMIT },
+       { SYS_read, SYSTR_POLICY_PERMIT },
+       { SYS_select, SYSTR_POLICY_PERMIT },
+       { SYS_sigprocmask, SYSTR_POLICY_PERMIT },
+       { SYS_write, SYSTR_POLICY_PERMIT },
+       { -1, -1 }
+};
+
+struct ssh_sandbox {
+       int child_sock;
+       int parent_sock;
+       int systrace_fd;
+       pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+       struct ssh_sandbox *box;
+       int s[2];
+
+       debug3("%s: preparing systrace sandbox", __func__);
+       box = xcalloc(1, sizeof(*box));
+       if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == -1)
+               fatal("%s: socketpair: %s", __func__, strerror(errno));
+       box->child_sock = s[0];
+       box->parent_sock = s[1];
+       box->systrace_fd = -1;
+       box->child_pid = 0;
+
+       return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+       char whatever = 0;
+
+       close(box->parent_sock);
+       /* Signal parent that we are ready */
+       debug3("%s: ready", __func__);
+       if (atomicio(vwrite, box->child_sock, &whatever, 1) != 1)
+               fatal("%s: write: %s", __func__, strerror(errno));
+       /* Wait for parent to signal for us to go */
+       if (atomicio(read, box->child_sock, &whatever, 1) != 1)
+               fatal("%s: read: %s", __func__, strerror(errno));
+       debug3("%s: started", __func__);
+       close(box->child_sock);
+}
+
+static void
+ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
+    const struct sandbox_policy *allowed_syscalls)
+{
+       int dev_systrace, i, j, found;
+       char whatever = 0;
+       struct systrace_policy policy;
+
+       debug3("%s: wait for child %ld", __func__, (long)child_pid);
+       box->child_pid = child_pid;
+       close(box->child_sock);
+       /* Wait for child to signal that it is ready */
+       if (atomicio(read, box->parent_sock, &whatever, 1) != 1)
+               fatal("%s: read: %s", __func__, strerror(errno));
+       debug3("%s: child %ld ready", __func__, (long)child_pid);
+
+       /* Set up systracing of child */
+       if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1)
+               fatal("%s: open(\"/dev/systrace\"): %s", __func__,
+                   strerror(errno));
+       if (ioctl(dev_systrace, STRIOCCLONE, &box->systrace_fd) == -1)
+               fatal("%s: ioctl(STRIOCCLONE, %d): %s", __func__,
+                   dev_systrace, strerror(errno));
+       close(dev_systrace);
+       debug3("%s: systrace attach, fd=%d", __func__, box->systrace_fd);
+       if (ioctl(box->systrace_fd, STRIOCATTACH, &child_pid) == -1)
+               fatal("%s: ioctl(%d, STRIOCATTACH, %d): %s", __func__,
+                   box->systrace_fd, child_pid, strerror(errno));
+
+       /* Allocate and assign policy */
+       bzero(&policy, sizeof(policy));
+       policy.strp_op = SYSTR_POLICY_NEW;
+       policy.strp_maxents = SYS_MAXSYSCALL;
+       if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
+               fatal("%s: ioctl(%d, STRIOCPOLICY (new)): %s", __func__,
+                   box->systrace_fd, strerror(errno));
+
+       policy.strp_op = SYSTR_POLICY_ASSIGN;
+       policy.strp_pid = box->child_pid;
+       if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
+               fatal("%s: ioctl(%d, STRIOCPOLICY (assign)): %s",
+                   __func__, box->systrace_fd, strerror(errno));
+
+       /* Set per-syscall policy */
+       for (i = 0; i < SYS_MAXSYSCALL; i++) {
+               found = 0;
+               for (j = 0; allowed_syscalls[j].syscall != -1; j++) {
+                       if (allowed_syscalls[j].syscall == i) {
+                               found = 1;
+                               break;
+                       }
+               }
+               policy.strp_op = SYSTR_POLICY_MODIFY;
+               policy.strp_code = i;
+               policy.strp_policy = found ?
+                   allowed_syscalls[j].action : SYSTR_POLICY_KILL;
+               if (found)
+                       debug3("%s: policy: enable syscall %d", __func__, i);
+               if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
+                       fatal("%s: ioctl(%d, STRIOCPOLICY (modify)): %s",
+                           __func__, box->systrace_fd, strerror(errno));
+       }
+
+       /* Signal the child to start running */
+       debug3("%s: start child %ld", __func__, (long)child_pid);
+       if (atomicio(vwrite, box->parent_sock, &whatever, 1) != 1)
+               fatal("%s: write: %s", __func__, strerror(errno));
+       close(box->parent_sock);
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+       /* Closing this before the child exits will terminate it */
+       close(box->systrace_fd);
+
+       free(box);
+       debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+       ssh_sandbox_parent(box, child_pid, preauth_policy);
+}
diff -r d5e48e0f1d36 -r e21a375a729a crypto/external/bsd/openssh/dist/ssh-sandbox.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/ssh-sandbox.h    Tue Sep 06 20:17:08 2011 +0000
@@ -0,0 +1,23 @@
+/* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm%mindrot.org@localhost>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
Prev by Date: [src/trunk]: src Build and install the skeleton manpage for devpubd - it's be...
Next by Date: [src/trunk]: src/usr.sbin/postinstall /etc/defaults/rc.conf can be modified a...
Previous by Thread: [src/trunk]: src Build and install the skeleton manpage for devpubd - it's be...
Next by Thread: [src/trunk]: src/usr.sbin/postinstall /etc/defaults/rc.conf can be modified a...
Indexes:
Home | Main Index | Thread Index | Old Index