mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-22 10:00:14 +00:00
- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its benefit is minor, so it's not worth disabling the sandbox if it doesn't work.
This commit is contained in:
parent
60395f91c6
commit
d545a4b974
@ -1,6 +1,10 @@
|
|||||||
20120703
|
20120703
|
||||||
- (dtucker) [configure.ac] Detect platforms that can't use select(2) with
|
- (dtucker) [configure.ac] Detect platforms that can't use select(2) with
|
||||||
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
|
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
|
||||||
|
- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
|
||||||
|
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
|
||||||
|
benefit is minor, so it's not worth disabling the sandbox if it doesn't
|
||||||
|
work.
|
||||||
|
|
||||||
20120702
|
20120702
|
||||||
- (dtucker) OpenBSD CVS Sync
|
- (dtucker) OpenBSD CVS Sync
|
||||||
|
23
configure.ac
23
configure.ac
@ -1,4 +1,4 @@
|
|||||||
# $Id: configure.ac,v 1.493 2012/07/03 04:31:18 dtucker Exp $
|
# $Id: configure.ac,v 1.494 2012/07/03 12:48:31 dtucker Exp $
|
||||||
#
|
#
|
||||||
# Copyright (c) 1999-2004 Damien Miller
|
# Copyright (c) 1999-2004 Damien Miller
|
||||||
#
|
#
|
||||||
@ -15,7 +15,7 @@
|
|||||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
||||||
AC_REVISION($Revision: 1.493 $)
|
AC_REVISION($Revision: 1.494 $)
|
||||||
AC_CONFIG_SRCDIR([ssh.c])
|
AC_CONFIG_SRCDIR([ssh.c])
|
||||||
AC_LANG([C])
|
AC_LANG([C])
|
||||||
|
|
||||||
@ -2615,6 +2615,25 @@ AC_RUN_IFELSE(
|
|||||||
[AC_MSG_WARN([cross compiling: assuming yes])]
|
[AC_MSG_WARN([cross compiling: assuming yes])]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
|
||||||
|
AC_RUN_IFELSE(
|
||||||
|
[AC_LANG_PROGRAM([[
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/resource.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
]],[[
|
||||||
|
struct rlimit rl_zero;
|
||||||
|
|
||||||
|
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
|
||||||
|
exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
|
||||||
|
]])],
|
||||||
|
[AC_MSG_RESULT([yes])],
|
||||||
|
[AC_MSG_RESULT([no])
|
||||||
|
AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
|
||||||
|
[setrlimit RLIMIT_FSIZE works])],
|
||||||
|
[AC_MSG_WARN([cross compiling: assuming yes])]
|
||||||
|
)
|
||||||
|
|
||||||
if test "x$sandbox_arg" = "xsystrace" || \
|
if test "x$sandbox_arg" = "xsystrace" || \
|
||||||
( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
|
( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
|
||||||
test "x$have_systr_policy_kill" != "x1" && \
|
test "x$have_systr_policy_kill" != "x1" && \
|
||||||
|
@ -64,9 +64,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
|
|||||||
|
|
||||||
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
|
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
|
||||||
|
|
||||||
|
#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
|
||||||
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
|
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
|
||||||
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
|
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
|
||||||
__func__, strerror(errno));
|
__func__, strerror(errno));
|
||||||
|
#endif
|
||||||
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
|
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
|
||||||
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
|
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
|
||||||
__func__, strerror(errno));
|
__func__, strerror(errno));
|
||||||
|
Loading…
Reference in New Issue
Block a user