1. 17 Jan, 2014 1 commit
  2. 01 Jun, 2013 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 · b759c9c2
      Darren Tucker authored
           [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
           channels.c sandbox-systrace.c]
           Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
           keepalives and rekeying will work properly over clock steps.  Suggested by
           markus@, "looks good" djm@.
  3. 02 Jul, 2012 1 commit
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2012/06/30 14:35:09 · 3b4b2d30
      Darren Tucker authored
           [sandbox-systrace.c sshd.c]
           fix a during the load of the sandbox policies (child can still make
           the read-syscall and wait forever for systrace-answers) by replacing
           the read/write synchronisation with SIGSTOP/SIGCONT;
           report and help hshoexer@; ok djm@, dtucker@
  4. 29 Jun, 2012 1 commit
  5. 05 Aug, 2011 1 commit
  6. 23 Jun, 2011 1 commit
  7. 22 Jun, 2011 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2011/06/22 21:57:01 · 69ff1df9
      Damien Miller authored
           [servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
           [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
           introduce sandboxing of the pre-auth privsep child using systrace(4).
           This introduces a new "UsePrivilegeSeparation=sandbox" option for
           sshd_config that applies mandatory restrictions on the syscalls the
           privsep child can perform. This prevents a compromised privsep child
           from being used to attack other hosts (by opening sockets and proxying)
           or probing local kernel attack surface.
           The sandbox is implemented using systrace(4) in unsupervised "fast-path"
           mode, where a list of permitted syscalls is supplied. Any syscall not
           on the list results in SIGKILL being sent to the privsep child. Note
           that this requires a kernel with the new SYSTR_POLICY_KILL option.
           UsePrivilegeSeparation=sandbox will become the default in the future
           so please start testing it now.
           feedback dtucker@; ok markus@