Return to Makefile CVS log

Up to [local] / src / usr.bin / ssh / sshd

introduce sandboxing of the pre-auth privsep child using systrace(4).

This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.

The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.

UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.

feedback dtucker@; ok markus@

#	$OpenBSD: Makefile,v 1.73 2011/06/22 21:57:01 djm Exp $

.PATH:		${.CURDIR}/..

PROG=	sshd
BINOWN=	root
BINMODE=555
BINDIR=	/usr/sbin
MAN=	sshd.8 sshd_config.5

SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
	sshpty.c sshlogin.c servconf.c serverloop.c \
	auth.c auth1.c auth2.c auth-options.c session.c \
	auth-chall.c auth2-chall.c groupaccess.c \
	auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c auth2-jpake.c \
	auth2-none.c auth2-passwd.c auth2-pubkey.c \
	monitor_mm.c monitor.c monitor_wrap.c \
	kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
	roaming_common.c roaming_serv.c sandbox-systrace.c

.include <bsd.own.mk> # for KERBEROS and AFS

.if (${KERBEROS5:L} == "yes")
CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV -DGSSAPI
SRCS+=  auth-krb5.c auth2-gss.c gss-serv.c gss-serv-krb5.c
.endif

.include <bsd.prog.mk>

.if (${KERBEROS5:L} == "yes")
LDADD+= -lgssapi -lkrb5 -lkafs
DPADD+= ${LIBGSSAPI} ${LIBKRB5}
.endif

DPADD+=	${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
LDADD+=	-lcrypto -lutil -lz

.if (${TCP_WRAPPERS:L} == "yes")
CFLAGS+= -DLIBWRAP
DPADD+= ${LIBWRAP}
LDADD+= -lwrap
.endif