From 2539dce2a049a8f6bb0d44cac51f07ad48e691d3 Mon Sep 17 00:00:00 2001 From: "deraadt@openbsd.org" Date: Fri, 9 Oct 2015 01:37:08 +0000 Subject: [PATCH] upstream commit Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2 --- Makefile.in | 2 +- configure.ac | 16 ++++++++-------- sandbox-tame.c => sandbox-pledge.c | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) rename sandbox-tame.c => sandbox-pledge.c (89%) diff --git a/Makefile.in b/Makefile.in index 8305cec9d..1a432d24b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -110,7 +110,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ - sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-tame.o + sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 diff --git a/configure.ac b/configure.ac index 1693cfae8..346a90c73 100644 --- a/configure.ac +++ b/configure.ac @@ -854,7 +854,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], [syslog_r function is safe to use in in a signal handler]) TEST_MALLOC_OPTIONS="AFGJPRX" - AC_CHECK_FUNCS([tame]) + AC_CHECK_FUNCS([pledge]) ;; *-*-solaris*) if test "x$withval" != "xno" ; then @@ -2998,7 +2998,7 @@ fi # Decide which sandbox style to use sandbox_arg="" AC_ARG_WITH([sandbox], - [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, tame)], + [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], [ if test "x$withval" = "xyes" ; then sandbox_arg="" @@ -3094,12 +3094,12 @@ AC_RUN_IFELSE( [AC_MSG_WARN([cross compiling: assuming yes])] ) -if test "x$sandbox_arg" = "xtame" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_tame" = "xyes" ) ; then - test "x$ac_cv_func_tame" != "xyes" && \ - AC_MSG_ERROR([tame sandbox requires tame(2) support]) - SANDBOX_STYLE="tame" - AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using tame(2)]) +if test "x$sandbox_arg" = "xpledge" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then + test "x$ac_cv_func_pledge" != "xyes" && \ + AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) + SANDBOX_STYLE="pledge" + AC_DEFINE([SANDBOX_TAME], [1], [Sandbox using pledge(2)]) elif test "x$sandbox_arg" = "xsystrace" || \ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then test "x$have_systr_policy_kill" != "x1" && \ diff --git a/sandbox-tame.c b/sandbox-pledge.c similarity index 89% rename from sandbox-tame.c rename to sandbox-pledge.c index daa3f3a74..1d3e247d7 100644 --- a/sandbox-tame.c +++ b/sandbox-pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-tame.c,v 1.2 2015/10/02 15:52:55 deraadt Exp $ */ +/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */ /* * Copyright (c) 2015 Theo de Raadt * @@ -46,7 +46,7 @@ ssh_sandbox_init(struct monitor *m) { struct ssh_sandbox *box; - debug3("%s: preparing tame sandbox", __func__); + debug3("%s: preparing pledge sandbox", __func__); box = xcalloc(1, sizeof(*box)); box->child_pid = 0; @@ -56,8 +56,8 @@ ssh_sandbox_init(struct monitor *m) void ssh_sandbox_child(struct ssh_sandbox *box) { - if (tame("stdio", NULL) == -1) - fatal("%s: tame()", __func__); + if (pledge("stdio", NULL) == -1) + fatal("%s: pledge()", __func__); } void