tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

Change all tame callers to namechange to pledge(2).

Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
This commit is contained in:
deraadt@openbsd.org 2015-10-09 01:37:08 +00:00 committed by Damien Miller
parent 9846a2f406
commit 2539dce2a0
3 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.in
View File

@ -110,7 +110,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
sftp-server.o sftp-common.o \ sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o \ roaming_common.o roaming_serv.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-tame.o sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5

16
configure.ac
View File

@ -854,7 +854,7 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
[syslog_r function is safe to use in in a signal handler]) [syslog_r function is safe to use in in a signal handler])
TEST_MALLOC_OPTIONS="AFGJPRX" TEST_MALLOC_OPTIONS="AFGJPRX"
AC_CHECK_FUNCS([tame]) AC_CHECK_FUNCS([pledge])
;; ;;
*-*-solaris*) *-*-solaris*)
if test "x$withval" != "xno" ; then if test "x$withval" != "xno" ; then
@ -2998,7 +2998,7 @@ fi
# Decide which sandbox style to use # Decide which sandbox style to use
sandbox_arg="" sandbox_arg=""
AC_ARG_WITH([sandbox], AC_ARG_WITH([sandbox],
[ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, tame)], [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
[ [
if test "x$withval" = "xyes" ; then if test "x$withval" = "xyes" ; then
sandbox_arg="" sandbox_arg=""
@ -3094,12 +3094,12 @@ AC_RUN_IFELSE(
[AC_MSG_WARN([cross compiling: assuming yes])] [AC_MSG_WARN([cross compiling: assuming yes])]
) )
if test "x$sandbox_arg" = "xtame" || \ if test "x$sandbox_arg" = "xpledge" || \
( test -z "$sandbox_arg" && test "x$ac_cv_func_tame" = "xyes" ) ; then ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
test "x$ac_cv_func_tame" != "xyes" && \ test "x$ac_cv_func_pledge" != "xyes" && \
AC_MSG_ERROR([tame sandbox requires tame(2) support]) AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
SANDBOX_STYLE="tame" SANDBOX_STYLE="pledge"
AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using tame(2)]) AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using pledge(2)])
elif test "x$sandbox_arg" = "xsystrace" || \ elif test "x$sandbox_arg" = "xsystrace" || \
( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
test "x$have_systr_policy_kill" != "x1" && \ test "x$have_systr_policy_kill" != "x1" && \

8
sandbox-tame.c → sandbox-pledge.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sandbox-tame.c,v 1.2 2015/10/02 15:52:55 deraadt Exp $ */ /* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
/* /*
* Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
* *
@ -46,7 +46,7 @@ ssh_sandbox_init(struct monitor *m)
{ {
struct ssh_sandbox *box; struct ssh_sandbox *box;
debug3("%s: preparing tame sandbox", __func__); debug3("%s: preparing pledge sandbox", __func__);
box = xcalloc(1, sizeof(*box)); box = xcalloc(1, sizeof(*box));
box->child_pid = 0; box->child_pid = 0;
@ -56,8 +56,8 @@ ssh_sandbox_init(struct monitor *m)
void void
ssh_sandbox_child(struct ssh_sandbox *box) ssh_sandbox_child(struct ssh_sandbox *box)
{ {
if (tame("stdio", NULL) == -1) if (pledge("stdio", NULL) == -1)
fatal("%s: tame()", __func__); fatal("%s: pledge()", __func__);
} }
void void