diff options
| author |   deraadt <deraadt@openbsd.org> | 2018-08-07 18:36:49 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2018-08-07 18:36:49 +0000 |
| commit | 8d92522dc6063ff7e047485d5bcefec38dc25c4c (patch) | |
| tree | 926c0a4dc48a0e2cfb77f034b78af51911fa122f /usr.bin/ssh/ssh-keygen.c | |
| parent | unveil can be used to restrict access to utmp and /dev (diff) | |
| download | wireguard-openbsd-8d92522dc6063ff7e047485d5bcefec38dc25c4c.tar.xz wireguard-openbsd-8d92522dc6063ff7e047485d5bcefec38dc25c4c.zip | |
Unveil fits nicely into the syslogd privsep model. Unveiled files
include config file "r", utmp "r", /dev "rw", /bin/sh "x" for running
piped commands, and the syslogd binary "x" itself for HUP re-exec upon
config loads with changes. Also unveiled in the privsep process are
the specific log files being written to.
If a config file reload changes no files, the existing privsep process
keeps running with unveil's to the relevant files (therefore it can
cope with newsyslogd taking files away). If a new config file is loaded
which changes the output files, the privsep process is restarted with
fork+exec, and installs new unveils as needed. The safety we gain from
unveil is that we've pigeonholed the privsep file-writer to exactly the
files required.
Help from bluhm for some edge cases.
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
0 files changed, 0 insertions, 0 deletions