search for: ksbxprofilepurecomputation

https://bugzilla.mindrot.org/show_bug.cgi?id=2407 Bug ID: 2407 Summary: OpenSSH uses deprecated APIs on MacOS Product: Portable OpenSSH Version: -current Hardware: All OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

...It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to rename a header in OpenSSH. Anyway, the OS X sandbox uses the strictest of the canned policies: "kSBXProfilePureComputation". It passes regress tests and seems to deny calls to fork() as expected. Barring objections, I'll commit this soon - please test. Anyone want to write a FreeBSD capsicum sandbox while I sleep? Take a look at one of the existing sandbox-*c for the API, it's pretty trivial... -d Index...

...ls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option (only OpenBSD has this mode at present). The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a strict (kSBXProfilePureComputation) policy that disables access to filesystem and network resources. The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child...

...ls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option (only OpenBSD has this mode at present). The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a strict (kSBXProfilePureComputation) policy that disables access to filesystem and network resources. The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child...

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

...ls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option (only OpenBSD has this mode at present). The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a strict (kSBXProfilePureComputation) policy that disables access to filesystem and network resources. The rlimit sandbox is a fallback choice for platforms that don't support a better one; it uses setrlimit() to reset the hard-limit of file descriptors and processes to zero, which should prevent the privsep child...

...call not > on the list results in SIGKILL being sent to the privsep child. Note > that this requires a kernel with the new SYSTR_POLICY_KILL option > (only OpenBSD has this mode at present). > > The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a > strict (kSBXProfilePureComputation) policy that disables access to > filesystem and network resources. > > The rlimit sandbox is a fallback choice for platforms that don't > support a better one; it uses setrlimit() to reset the hard-limit > of file descriptors and processes to zero, which should prevent &...