- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, libc will attempt to open additional file descriptors for crypto offload and crash if they cannot be opened.
This commit is contained in:
parent
a92ac74104
commit
2035b2236d
|
@ -12,6 +12,10 @@
|
|||
[kex.c]
|
||||
dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
|
||||
ok dtucker@, noted by mancha
|
||||
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
|
||||
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
|
||||
libc will attempt to open additional file descriptors for crypto
|
||||
offload and crash if they cannot be opened.
|
||||
|
||||
20130125
|
||||
- (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.ac,v 1.562 2014/01/25 02:16:59 djm Exp $
|
||||
# $Id: configure.ac,v 1.563 2014/01/25 22:39:53 djm Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
|
@ -15,7 +15,7 @@
|
|||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
||||
AC_REVISION($Revision: 1.562 $)
|
||||
AC_REVISION($Revision: 1.563 $)
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
AC_LANG([C])
|
||||
|
||||
|
@ -780,6 +780,9 @@ mips-sony-bsd|mips-sony-newsos4)
|
|||
AC_DEFINE([BROKEN_STRNVIS], [1],
|
||||
[FreeBSD strnvis argument order is swapped compared to OpenBSD])
|
||||
TEST_MALLOC_OPTIONS="AJRX"
|
||||
# Preauth crypto occasionally uses file descriptors for crypto offload
|
||||
# and will crash if they cannot be opened.
|
||||
AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE])
|
||||
;;
|
||||
*-*-bsdi*)
|
||||
AC_DEFINE([SETEUID_BREAKS_SETUID])
|
||||
|
|
|
@ -75,9 +75,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
|
|||
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
|
||||
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
#endif
|
||||
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
|
|
|
@ -69,9 +69,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
|
|||
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
#endif
|
||||
#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
|
||||
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
#endif
|
||||
#ifdef HAVE_RLIMIT_NPROC
|
||||
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
|
||||
|
|
Loading…
Reference in New Issue