Displaying 12 results from an estimated 12 matches for "ssh_sandbox_child".
2011 Jun 22
3
sandbox pre-auth privsep child
...ct ssh_sandbox {
+ int junk;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ box = xcalloc(1, sizeof(*box));
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ /* Nothing to do here */
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ /* Nothing to do here */
+}
+
+#endif /* SANDBOX_NULL */
Index: sandbox-rlimit....
2012 Jul 02
1
rlimit sandbox on cygwin
...-rlimit.c
===================================================================
RCS file: /var/cvs/openssh/sandbox-rlimit.c,v
retrieving revision 1.2
diff -u -p -r1.2 sandbox-rlimit.c
--- sandbox-rlimit.c 23 Jun 2011 09:45:51 -0000 1.2
+++ sandbox-rlimit.c 2 Jul 2012 15:17:56 -0000
@@ -64,9 +64,11 @@ ssh_sandbox_child(struct ssh_sandbox *bo
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
__func__, strerror(errno));
+#endif
if (setrlimit(RLIMIT_NOFILE, &rl_...
2024 Jun 15
11
[Bug 3702] New: sshd fork crashed when compiled with seccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=3702
Bug ID: 3702
Summary: sshd fork crashed when compiled with seccomp
Product: Portable OpenSSH
Version: 9.7p1
Hardware: ARM64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2022 Dec 20
37
[Bug 3512] New: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call)
...SH_8.6 pat OpenSSH* compat
0x04000000
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 5800
debug3: preauth child monitor started
debug3: privsep user:group 22:22 [preauth]
debug1: permanently_set_uid: 22/22 [preauth]
debug3: ssh_sandbox_child_debugging: installing SIGSYS handler
[preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug3: append_hostkey_type: ssh-rsa key not permitted by
HostkeyAlgorithms [preauth]
debug1: list_hostkey_types:
rsa...
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
Bug ID: 3639
Summary: server thread aborts during client login after
receiving SSH2_MSG_KEXINIT
Product: Portable OpenSSH
Version: 9.2p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component:
2011 Jun 23
1
sandbox for OS X
...uct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ debug3("%s: preparing Darwin sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->child_pid = 0;
+
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ char *errmsg;
+
+ debug3("%s: starting Darwin sandbox", __func__);
+ if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
+ &errmsg) == -1)
+ fatal("%s: sandbox_init: %s", __func__, errmsg);
+}
+
+void
+ssh_sandbox_parent_finish(stru...
2016 Jun 03
3
[Bug 2581] New: Coverity patches from Fedora
...s also valid FD.
3. process_server_config_line: sAuthorizedPrincipalsFile option handles
intptr, without any possible label (therefore always null), which is
dead code (probably copy-paste error from sHostKeyFile)
4. box variable for sandbox context is not freed in the child process
after calling ssh_sandbox_child(), which makes it memory leak.
5. server_accept_loop() allocates fdset variable, but does not free it
in the end.
These are the most obvious problems and it would be nice to have them
addressed in the next release.
--
You are receiving this mail because:
You are watching the assignee of the bug...
2017 Sep 22
2
Call for testing: OpenSSH 7.6
...d how.
Don't try to use ssh or sshd with this diff as it'll probably mess
things up pretty good.
diff --git a/ssh-sandbox.h b/ssh-sandbox.h
index bd5fd83..6bd76b3 100644
--- a/ssh-sandbox.h
+++ b/ssh-sandbox.h
@@ -22,3 +22,4 @@ struct ssh_sandbox *ssh_sandbox_init(struct monitor *);
void ssh_sandbox_child(struct ssh_sandbox *);
void ssh_sandbox_parent_finish(struct ssh_sandbox *);
void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
+#define setrlimit(x,y) (0)
diff --git a/sshkey.c b/sshkey.c
index e91c54f..cfdd437 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1394,8 +1394,11 @@ rsa_generate_p...
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
...H_8.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 17293
debug3: preauth child monitor started
debug3: privsep user:group 39:38 [preauth]
debug1: permanently_set_uid: 39/38 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 17293
Adding --with-sandbox=rlimit to the configure option...
2020 Jul 07
3
libssh2 is hanging during a file transfert
...child is on pid 19151
Jul 7 11:52:15 TOTO sshd[19126]: debug3: preauth child monitor started
Jul 7 11:52:15 TOTO sshd[19126]: debug3: privsep user:group 106:65534
[preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug1: permanently_set_uid: 106/65534
[preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: ssh_sandbox_child: setting
PR_SET_NO_NEW_PRIVS [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: ssh_sandbox_child: attaching
seccomp filter program [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug1: list_hostkey_types:
rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
Jul 7 11:52:15 TOTO sshd[19126]: debug3: send pac...
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi,
OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at