CVS log for src/usr.bin/ssh/servconf.c

Request diff between arbitrary revisions

Default branch: MAIN
Current tag: OPENBSD_5_0

Revision 1.222 / (download) - annotate - [select for diffs], Wed Jun 22 21:57:01 2011 UTC (12 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.221: +12 -3 lines
Diff to previous 1.221 (colored)

introduce sandboxing of the pre-auth privsep child using systrace(4).

This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.

The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.

UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.

feedback dtucker@; ok markus@

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Diffs between
and

Preferred Diff type:
View only Branch:
Sort log by: