| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | systrace is dead. long live systrace. |   deraadt | 2016-05-07 | 1 | -205/+0 |
| | | |||||
| * | re-order system calls in order of risk, ok i'll be honest, ordered this | deraadt | 2015-10-02 | 1 | -12/+19 |
| | | | | | | way they look like tame... ok djm | ||||
| * | Permit kbind(2) use in the sandbox now, to ease testing of ld.so work using it |   guenther | 2015-07-27 | 1 | -1/+4 |
| | | | | | reminded by miod@, ok deraadt@ | ||||
| * | add getpid to sandbox, reachable by grace_alarm_handler |   djm | 2015-06-29 | 1 | -1/+2 |
| | | | | | reported by Jakub Jelen; bz#2419 | ||||
| * | getentropy() and sendsyslog() have been around long enough. | deraadt | 2015-05-18 | 1 | -15/+6 |
| | | | | | | openssh-portable may want the #ifdef's but not base. discussed with djm few weeks back | ||||
| * | Reduce use of <sys/param.h> and transition to <limits.h> throughout. | deraadt | 2015-01-20 | 1 | -2/+2 |
| | | | | | ok djm markus | ||||
| * | ifdef SYS_sendsyslog so this will compile without patching on -stable | djm | 2014-07-17 | 1 | -2/+3 |
| | | |||||
| * | Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, | deraadt | 2014-07-11 | 1 | -1/+2 |
| | | | | | | update your kernels and sshd soon.. libc will start using sendsyslog() in about 4 days. | ||||
| * | Now that we have a dedicated getentropy(2) system call for |   matthew | 2014-06-18 | 1 | -2/+8 |
| | | | | | | | | arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace sandbox. ok djm | ||||
| * | permit SYS_getentropy | deraadt | 2014-06-13 | 1 | -1/+2 |
| | | | | | from matthew | ||||
| * | replace most bzero with explicit_bzero, except a few that cna be memset |   tedu | 2014-01-31 | 1 | -2/+2 |
| | | | | | ok djm dtucker | ||||
| * | allow shutdown(2) syscall in sandbox - it may be called by packet_close() | djm | 2014-01-30 | 1 | -1/+2 |
| | | | | | from portable | ||||
| * | Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like |   dtucker | 2013-06-01 | 1 | -1/+2 |
| | | | | | | keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@. | ||||
| * | fix a during the load of the sandbox policies (child can still make |   markus | 2012-06-30 | 1 | -28/+27 |
| | | | | | | | the read-syscall and wait forever for systrace-answers) by replacing the read/write synchronisation with SIGSTOP/SIGCONT; report and help hshoexer@; ok djm@, dtucker@ | ||||
| * | Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation | dtucker | 2012-06-26 | 1 | -1/+2 |
| | | | | | sandbox" since malloc now uses it. From johnw.mail at gmail com. | ||||
| * | fail open(2) with EPERM rather than SIGKILLing the whole process. libc | djm | 2011-07-29 | 1 | -34/+44 |
| | | | | | | will call open() to do strerror() when NLS is enabled; feedback and ok markus@ | ||||
| * | rename sandbox.h => ssh-sandbox.h to make things easier for portable | djm | 2011-06-23 | 1 | -2/+2 |
| | | |||||
| * | $OpenBSD$ makers | djm | 2011-06-22 | 1 | -0/+1 |
| | | |||||
| * | introduce sandboxing of the pre-auth privsep child using systrace(4). | djm | 2011-06-22 | 1 | -0/+181 |
| This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@ | |||||
 |
index : wireguard-openbsd | |
| WireGuard implementation for the OpenBSD kernel | Matt Dunwoodie |
| summaryrefslogtreecommitdiffstats |