author | Damien Miller <djm@mindrot.org> | 2014-01-26 09:39:53 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-01-26 09:39:53 +1100 |
commit | 2035b2236d3b1f76c749c642a43e03c85eae76e6 (patch) | |
tree | 7e4d397d9f030d5180f6a9e1dab7d9f39e01d065 | |
parent | a92ac7410475fbb00383c7402aa954dc0a75ae19 (diff) | |
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | configure.ac | 7 | ||||
-rw-r--r-- | sandbox-capsicum.c | 2 | ||||
-rw-r--r-- | sandbox-rlimit.c | 2 |
4 files changed, 13 insertions, 2 deletions
@@ -12,6 +12,10 @@ [kex.c] dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) ok dtucker@, noted by mancha + - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable + RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, + libc will attempt to open additional file descriptors for crypto + offload and crash if they cannot be opened. 20130125 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD diff --git a/configure.ac b/configure.ac index 5e5e4d13..4a398418 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.562 2014/01/25 02:16:59 djm Exp $ +# $Id: configure.ac,v 1.563 2014/01/25 22:39:53 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.562 $) +AC_REVISION($Revision: 1.563 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -780,6 +780,9 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis argument order is swapped compared to OpenBSD]) TEST_MALLOC_OPTIONS="AJRX" + # Preauth crypto occasionally uses file descriptors for crypto offload + # and will crash if they cannot be opened. + AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE]) ;; *-*-bsdi*) AC_DEFINE([SETEUID_BREAKS_SETUID]) diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c index f648c6ec..ee2a7e79 100644 --- a/sandbox-capsicum.c +++ b/sandbox-capsicum.c @@ -75,9 +75,11 @@ ssh_sandbox_child(struct ssh_sandbox *box) if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); +#ifndef SANDBOX_SKIP_RLIMIT_NOFILE if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", __func__, strerror(errno)); 
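Review bot: The new `AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE])` in the third configure.ac hunk uses the one-argument form, which supplies no description for autoheader to build a config.h.in template from. Unless a template for this symbol exists elsewhere (this commit adds none), the macro may never reach config.h, and the `#ifndef SANDBOX_SKIP_RLIMIT_NOFILE` guards in the two sandbox files would then have no effect. The neighbouring `BROKEN_STRNVIS` define uses the full form, so I would write `AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], [define if setrlimit RLIMIT_NOFILE breaks things])`. The enclosing case arm starts outside the hunk.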
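Review bot: The `#ifndef SANDBOX_SKIP_RLIMIT_NOFILE` guard in the sandbox-capsicum.c hunk drops a sandbox restriction without any comment at the point of use, and the rationale is given only in configure.ac. I would add above the guard `/* Some libcs open descriptors for crypto offload after this point and crash if they cannot; see configure.ac */`, and the same for the identical guard in sandbox-rlimit.c. If capability mode is entered later in ssh_sandbox_child (not visible in this hunk), the comment should also say that this is what still restricts new descriptors on such builds. The function body starts and ends outside the hunk.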
diff --git a/sandbox-rlimit.c b/sandbox-rlimit.c index da91eb1b..bba80778 100644 --- a/sandbox-rlimit.c +++ b/sandbox-rlimit.c @@ -69,9 +69,11 @@ ssh_sandbox_child(struct ssh_sandbox *box) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); #endif +#ifndef SANDBOX_SKIP_RLIMIT_NOFILE if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif #ifdef HAVE_RLIMIT_NPROC if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", |
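Review bot: With the RLIMIT_NOFILE call compiled out in the sandbox-rlimit.c hunk, the limits still visible here are RLIMIT_FSIZE and RLIMIT_NPROC, neither of which stops the pre-auth child from opening new files or sockets. A build that defines SANDBOX_SKIP_RLIMIT_NOFILE and uses this sandbox therefore gets a much weaker guarantee, and nothing at run time records that. I would add an `#else` branch with `debug3("%s: RLIMIT_NOFILE not applied on this platform", __func__);` so the reduced confinement shows up in debug logs. The file-level comment should state it as well. ssh_sandbox_child continues outside the hunk, so any other restrictions it applies are not visible here.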