OpenBSD CVS

CVS log for src/usr.bin/ssh/Attic/sandbox-systrace.c

Default branch: MAIN


Revision 1.19, Sat May 7 19:56:59 2016 UTC by deraadt
Branch: MAIN
CVS Tags: HEAD
Changes since 1.18: +1 -1 lines
FILE REMOVED

systrace is dead.  long live systrace.

Revision 1.18, Fri Oct 2 01:39:26 2015 UTC by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.17: +19 -12 lines

re-order system calls in order of risk, ok i'll be honest, ordered this
way they look like tame...
ok djm

Revision 1.17, Mon Jul 27 16:29:23 2015 UTC by guenther
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.16: +4 -1 lines

Permit kbind(2) use in the sandbox now, to ease testing of ld.so work using it

reminded by miod@, ok deraadt@

Revision 1.16, Mon Jun 29 22:35:12 2015 UTC by djm
Branch: MAIN
Changes since 1.15: +2 -1 lines

add getpid to sandbox, reachable by grace_alarm_handler

reported by Jakub Jelen; bz#2419

Revision 1.15, Mon May 18 15:06:05 2015 UTC by deraadt
Branch: MAIN
Changes since 1.14: +6 -15 lines

getentropy() and sendsyslog() have been around long enough.
openssh-portable may want the #ifdef's but not base.
discussed with djm few weeks back

Revision 1.14, Tue Jan 20 23:14:00 2015 UTC by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.13: +2 -2 lines

Reduce use of <sys/param.h> and transition to <limits.h> throughout.
ok djm markus

Revision 1.13, Thu Jul 17 00:10:56 2014 UTC by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.12: +3 -2 lines

ifdef SYS_sendsyslog so this will compile without patching on -stable

Revision 1.12, Fri Jul 11 08:09:54 2014 UTC by deraadt
Branch: MAIN
Changes since 1.11: +2 -1 lines

Permit use of SYS_sendsyslog from inside the sandbox.  Clock is ticking,
update your kernels and sshd soon.. libc will start using sendsyslog()
in about 4 days.

Revision 1.11, Wed Jun 18 02:59:13 2014 UTC by matthew
Branch: MAIN
Changes since 1.10: +8 -2 lines

Now that we have a dedicated getentropy(2) system call for
arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace
sandbox.

ok djm

Revision 1.10, Fri Jun 13 08:26:29 2014 UTC by deraadt
Branch: MAIN
Changes since 1.9: +2 -1 lines

permit SYS_getentropy
from matthew

Revision 1.9, Fri Jan 31 16:39:19 2014 UTC by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.8: +2 -2 lines

replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker

Revision 1.8, Thu Jan 30 22:26:14 2014 UTC by djm
Branch: MAIN
Changes since 1.7: +2 -1 lines

allow shutdown(2) syscall in sandbox - it may be called by packet_close()
from portable

Revision 1.7, Sat Jun 1 13:15:52 2013 UTC by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.6: +2 -1 lines

Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
keepalives and rekeying will work properly over clock steps.  Suggested by
markus@, "looks good" djm@.

Revision 1.6, Sat Jun 30 14:35:09 2012 UTC by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.5: +27 -28 lines

fix a during the load of the sandbox policies (child can still make
the read-syscall and wait forever for systrace-answers) by replacing
the read/write synchronisation with SIGSTOP/SIGCONT;
report and help hshoexer@; ok djm@, dtucker@

Revision 1.5, Tue Jun 26 11:02:30 2012 UTC by dtucker
Branch: MAIN
Changes since 1.4: +2 -1 lines

Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
sandbox" since malloc now uses it.  From johnw.mail at gmail com.

Revision 1.4, Fri Jul 29 14:42:45 2011 UTC by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.3: +44 -34 lines

fail open(2) with EPERM rather than SIGKILLing the whole process. libc
will call open() to do strerror() when NLS is enabled;
feedback and ok markus@

Revision 1.3, Thu Jun 23 09:34:13 2011 UTC by djm
Branch: MAIN
Changes since 1.2: +2 -2 lines

rename sandbox.h => ssh-sandbox.h to make things easier for portable

Revision 1.2, Wed Jun 22 22:14:05 2011 UTC by djm
Branch: MAIN
Changes since 1.1: +1 -0 lines

$OpenBSD$ markers

Revision 1.1, Wed Jun 22 21:57:01 2011 UTC by djm
Branch: MAIN

introduce sandboxing of the pre-auth privsep child using systrace(4).

This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.

The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.

UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.

feedback dtucker@; ok markus@
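
The policy the revision 1.1 message describes (a list of permitted syscalls, anything else fatal to the privsep child), together with the revision 1.4 refinement (open(2) fails with EPERM instead of killing the process), rebuilt as an added example on Linux seccomp-BPF. This is not OpenSSH or OpenBSD code and is not the seccomp sandbox that OpenSSH portable ships; systrace(4) itself is gone, so the Linux mechanism stands in for it. Assumptions: Linux on x86_64 or aarch64 with glibc; the allowlist is illustrative and only names syscalls mentioned in the log above or their Linux equivalents (getrandom(2) in place of getentropy(2)); the probe file name /etc/hostname is arbitrary, because the filter returns EPERM before the path is even looked up. One visible difference from the systrace version: seccomp terminates the child with SIGSYS where SYSTR_POLICY_KILL sent SIGKILL.

```c
/* Added example, not OpenSSH/OpenBSD code: the sshd sandbox policy above on Linux seccomp-BPF. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__aarch64__)
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#else
#define DEMO_ARCH AUDIT_ARCH_X86_64         /* assumption: x86_64 otherwise */
#endif
#ifndef SECCOMP_RET_KILL_PROCESS            /* pre-4.14 headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
/* Allowlist entry: if nr matches, allow the call; otherwise fall through. */
#define SC_ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Fail the call with an errno instead of killing (the rev 1.4 open(2) case). */
#define SC_ERRNO(nr, err) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ((err) & SECCOMP_RET_DATA))
enum probe   { PROBE_GETPID, PROBE_OPEN, PROBE_SOCKET };
enum outcome { OUT_OK, OUT_EPERM, OUT_KILLED, OUT_OTHER, OUT_NO_SECCOMP };

static int install_filter(void)
{
    static struct sock_filter filt[] = {
        /* ABI check first: syscall numbers differ between architectures. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* Illustrative allowlist, roughly what the log above accumulated. */
        SC_ALLOW(SYS_read), SC_ALLOW(SYS_write), SC_ALLOW(SYS_close),
        SC_ALLOW(SYS_exit), SC_ALLOW(SYS_exit_group), SC_ALLOW(SYS_getpid),
        SC_ALLOW(SYS_clock_gettime), SC_ALLOW(SYS_shutdown),
        SC_ALLOW(SYS_getrandom),            /* the getentropy(2) analogue */
#ifdef SYS_open                             /* aarch64 has only openat */
        SC_ERRNO(SYS_open, EPERM),
#endif
        SC_ERRNO(SYS_openat, EPERM),        /* glibc open() goes through openat */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), /* default: fatal */
    };
    struct sock_fprog prog = { sizeof(filt) / sizeof(filt[0]), filt };

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Runs in the forked child: install the policy, then make one syscall. */
static void run_probe(enum probe p)
{
    if (install_filter() != 0)
        _exit(OUT_NO_SECCOMP);
    switch (p) {
    case PROBE_GETPID:                      /* listed: allowed (rev 1.16) */
        (void)getpid();
        _exit(OUT_OK);
    case PROBE_OPEN: {                      /* errno, not death (rev 1.4) */
        int fd = open("/etc/hostname", O_RDONLY);
        _exit(fd < 0 && errno == EPERM ? OUT_EPERM : OUT_OTHER);
    }
    case PROBE_SOCKET:                      /* not listed: the child is killed */
        (void)socket(AF_INET, SOCK_STREAM, 0);
        _exit(OUT_OTHER);                   /* only reached if the policy failed */
    }
    _exit(OUT_OTHER);
}

/* Fork, sandbox the child, run one probe and classify how it ended. */
int sandbox_probe(enum probe p)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return OUT_OTHER;
    if (pid == 0)
        run_probe(p);
    if (waitpid(pid, &status, 0) != pid)
        return OUT_OTHER;
    if (WIFSIGNALED(status))                /* seccomp kills with SIGSYS, not SIGKILL */
        return WTERMSIG(status) == SIGSYS ? OUT_KILLED : OUT_OTHER;
    return WIFEXITED(status) ? WEXITSTATUS(status) : OUT_OTHER;
}

int main(void)
{
    return sandbox_probe(PROBE_GETPID) == OUT_OK && sandbox_probe(PROBE_OPEN) == OUT_EPERM
        && sandbox_probe(PROBE_SOCKET) == OUT_KILLED ? 0 : 1;
}
```

Build with cc -o sandbox_probe sandbox_probe.c and run it; exit status 0 means all three probes ended the way the policy says. The filter is installed in the child after fork(), so the parent is never constrained. The SYS_open/SYS_openat pair is there because glibc routes open() through openat(2): an allowlist that names only the syscall the source appears to make, rather than the one libc actually issues, is exactly the class of mistake the revisions above kept correcting (getpid, shutdown, mquery, sendsyslog).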
