search for: ssh_sandbox_child

Displaying 12 results from an estimated 12 matches for "ssh_sandbox_child".

2011 Jun 22
3
sandbox pre-auth privsep child
...ct ssh_sandbox { + int junk; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + box = xcalloc(1, sizeof(*box)); + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + /* Nothing to do here */ +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + free(box); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + /* Nothing to do here */ +} + +#endif /* SANDBOX_NULL */ Index: sandbox-rlimit....
2012 Jul 02
1
rlimit sandbox on cygwin
...-rlimit.c =================================================================== RCS file: /var/cvs/openssh/sandbox-rlimit.c,v retrieving revision 1.2 diff -u -p -r1.2 sandbox-rlimit.c --- sandbox-rlimit.c 23 Jun 2011 09:45:51 -0000 1.2 +++ sandbox-rlimit.c 2 Jul 2012 15:17:56 -0000 @@ -64,9 +64,11 @@ ssh_sandbox_child(struct ssh_sandbox *bo rl_zero.rlim_cur = rl_zero.rlim_max = 0; +#ifndef SANDBOX_SKIP_RLIMIT_FSIZE if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", __func__, strerror(errno)); +#endif if (setrlimit(RLIMIT_NOFILE, &rl_...
2024 Jun 15
11
[Bug 3702] New: sshd fork crashed when compiled with seccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=3702 Bug ID: 3702 Summary: sshd fork crashed when compiled with seccomp Product: Portable OpenSSH Version: 9.7p1 Hardware: ARM64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at
2022 Dec 20
37
[Bug 3512] New: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call)
...SH_8.6 pat OpenSSH* compat 0x04000000 debug2: fd 4 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 5800 debug3: preauth child monitor started debug3: privsep user:group 22:22 [preauth] debug1: permanently_set_uid: 22/22 [preauth] debug3: ssh_sandbox_child_debugging: installing SIGSYS handler [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth] debug1: list_hostkey_types: rsa...
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639 Bug ID: 3639 Summary: server thread aborts during client login after receiving SSH2_MSG_KEXINIT Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component:
2011 Jun 23
1
sandbox for OS X
...uct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + debug3("%s: preparing Darwin sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + char *errmsg; + + debug3("%s: starting Darwin sandbox", __func__); + if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED, + &errmsg) == -1) + fatal("%s: sandbox_init: %s", __func__, errmsg); +} + +void +ssh_sandbox_parent_finish(stru...
2016 Jun 03
3
[Bug 2581] New: Coverity patches from Fedora
...s also valid FD. 3. process_server_config_line: sAuthorizedPrincipalsFile option handles intptr, without any possible label (therefore always null), which is dead code (probably copy-paste error from sHostKeyFile) 4. box variable for sandbox context is not freed in the child process after calling ssh_sandbox_child(), which makes it memory leak. 5. server_accept_loop() allocates fdset variable, but does not free it in the end. These are the most obvious problems and it would be nice to have them addressed in the next release. -- You are receiving this mail because: You are watching the assignee of the bug...
2017 Sep 22
2
Call for testing: OpenSSH 7.6
...d how. Don't try to use ssh or sshd with this diff as it'll probably mess things up pretty good. diff --git a/ssh-sandbox.h b/ssh-sandbox.h index bd5fd83..6bd76b3 100644 --- a/ssh-sandbox.h +++ b/ssh-sandbox.h @@ -22,3 +22,4 @@ struct ssh_sandbox *ssh_sandbox_init(struct monitor *); void ssh_sandbox_child(struct ssh_sandbox *); void ssh_sandbox_parent_finish(struct ssh_sandbox *); void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); +#define setrlimit(x,y) (0) diff --git a/sshkey.c b/sshkey.c index e91c54f..cfdd437 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1394,8 +1394,11 @@ rsa_generate_p...
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
...H_8.1 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 17293 debug3: preauth child monitor started debug3: privsep user:group 39:38 [preauth] debug1: permanently_set_uid: 39/38 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive entering debug1: do_cleanup debug1: Killing privsep child 17293 Adding --with-sandbox=rlimit to the configure option...
2020 Jul 07
3
libssh2 is hanging during a file transfert
...child is on pid 19151 Jul 7 11:52:15 TOTO sshd[19126]: debug3: preauth child monitor started Jul 7 11:52:15 TOTO sshd[19126]: debug3: privsep user:group 106:65534 [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug1: permanently_set_uid: 106/65534 [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth] Jul 7 11:52:15 TOTO sshd[19126]: debug3: send pac...
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at