delta/openssh-git.git - anongit.mindrot.org: openssh.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	upstream: use the new variant log macros instead of prepending	djm@openbsd.org	2020-10-18	1	-9/+9
\| \| \| \| \| \|	__func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
*	upstream commit	deraadt@openbsd.org	2016-09-12	1	-2/+1
\| \| \| \| \| \| \| \|	Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
*	- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable	Damien Miller	2014-01-26	1	-0/+2
\| \| \| \| \| \|	RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, libc will attempt to open additional file descriptors for crypto offload and crash if they cannot be opened.
*	- (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]	Damien Miller	2014-01-17	1	-1/+1
\| \| \| \| \| \| \|	[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
*	- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not	Darren Tucker	2012-07-03	1	-0/+2
\| \| \| \| \| \|	setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its benefit is minor, so it's not worth disabling the sandbox if it doesn't work.
*	- djm@cvs.openbsd.org 2011/06/23 09:34:13	Damien Miller	2011-06-23	1	-1/+2
\| \| \| \| \| \|	[sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] [sandbox-null.c] rename sandbox.h => ssh-sandbox.h to make things easier for portable
*	- djm@cvs.openbsd.org 2011/06/22 21:57:01	Damien Miller	2011-06-23	1	-0/+92
	[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@