Annotation of src/usr.bin/ssh/sandbox-pledge.c, Revision 1.1
1.1 ! deraadt 1: /* $OpenBSD: sandbox-pledge.c,v 1.2 2015/10/02 15:52:32 deraadt Exp $ */
! 2: /*
! 3: * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: */
! 17:
! 18: #include <sys/types.h>
! 19: #include <sys/ioctl.h>
! 20: #include <sys/syscall.h>
! 21: #include <sys/socket.h>
! 22: #include <sys/wait.h>
! 23:
! 24: #include <errno.h>
! 25: #include <limits.h>
! 26: #include <stdarg.h>
! 27: #include <stdio.h>
! 28: #include <stdlib.h>
! 29: #include <unistd.h>
! 30: #include <pwd.h>
! 31:
! 32: #include "log.h"
! 33: #include "ssh-sandbox.h"
! 34: #include "xmalloc.h"
! 35:
/*
 * State kept for one sandbox instance and passed to the ssh_sandbox_*
 * entry points in this file.
 */
struct ssh_sandbox {
	/* Set to 0 by ssh_sandbox_init(), then to the child's pid by
	 * ssh_sandbox_parent_preauth(). */
	pid_t	child_pid;
};
! 39:
/*
 * Allocate the state object for the pledge sandbox.
 *
 * Returns a struct ssh_sandbox obtained from xcalloc() with child_pid set
 * to 0. ssh_sandbox_parent_finish() is the function in this file that
 * frees it. No restriction is applied here: the pledge() call itself is
 * made in ssh_sandbox_child().
 */
struct ssh_sandbox *
ssh_sandbox_init(void)
{
	struct ssh_sandbox *sandbox;

	debug3("%s: preparing pledge sandbox", __func__);

	sandbox = xcalloc(1, sizeof *sandbox);
	/* Explicit "no child yet", even though the allocation is presumably
	 * already zeroed by xcalloc(). */
	sandbox->child_pid = 0;
	return sandbox;
}
! 51:
/*
 * Apply the sandbox to the calling process.
 *
 * Calls pledge() with the single promise "stdio" and NULL as the second
 * argument. The restriction is requested from inside the process that is
 * to be confined, so it must run before that process handles any
 * untrusted input.
 *
 * A failed pledge() is handed to fatal() instead of being ignored, so the
 * process is not left running unconfined (assumes fatal() does not
 * return; confirm against log.h).
 *
 * The box argument is not used.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	int rc;

	rc = pledge("stdio", NULL);
	if (rc == -1) {
		/* NOTE(review): errno is not part of the message, so the log
		 * does not say why pledge() was refused. */
		fatal("%s: pledge()", __func__);
	}
}
! 58:
/*
 * Release the sandbox state object.
 *
 * box is passed to free(), so the caller must not touch it afterwards.
 * Nothing else is torn down here: the only visible actions are the free()
 * and a debug3() log line.
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	/* The log call below does not reference box, so freeing first is safe. */
	free(box);

	debug3("%s: finished", __func__);
}
! 65:
/*
 * Record the pid of the sandboxed child in the parent's copy of box.
 *
 * The pledge backend has no parent-side setup: the value is stored, but
 * no function shown in this file reads it back. box is dereferenced
 * without a NULL check, so the caller must pass a valid object.
 */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	/* Nothing to do here beyond remembering the child. */
	box->child_pid = child_pid;
}