Commit Graph

14 Commits

Author SHA1 Message Date
Damien Miller
26ad182472 allow getrandom syscall; from Felix von Leitner
2015-09-10 10:57:41 +10:00
djm@openbsd.org
512caddf59 upstream commit
add getpid to sandbox, reachable by grace_alarm_handler

reported by Jakub Jelen; bz#2419

Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
2015-06-30 08:36:34 +10:00
Damien Miller
bc20205c91 add missing pselect6
patch from Jakub Jelen
2015-06-25 09:51:39 +10:00
Damien Miller
97e2e1596c trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
2015-06-17 14:36:54 +10:00
Damien Miller
99f33d7304 aarch64 support for seccomp-bpf sandbox
Also resort and tidy syscall list. Based on patches by Jakub Jelen
bz#2361; ok dtucker@
2015-06-17 10:50:51 +10:00
Damien Miller
0fa0ed061b - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
patch from Felix von Leitner; ok dtucker
2014-09-10 08:15:34 +10:00
Damien Miller
48abc47e60 - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
remind myself to add sandbox violation logging via the log socket.
2014-03-17 14:45:56 +11:00
Damien Miller
6434cb2cfb - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
__NR_shutdown; some go via the socketcall(2) multiplexer.
2014-02-06 11:17:50 +11:00
Damien Miller
7e5cec6070 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
syscall from sandboxes; it may be called by packet_close.
2014-01-31 09:25:34 +11:00
Damien Miller
868ea1ea1c - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 16:47:04 +11:00
Darren Tucker
e9887d1c37 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
2013-06-02 09:17:09 +10:00
Damien Miller
91f40d8592 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
Damien Miller
a0433a7096 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
not available. Allows use of sshd compiled on host with a filter-capable
kernel on hosts that lack the support. bz#2011 ok dtucker@
2012-07-06 10:27:10 +10:00
Damien Miller
e0956e3834 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
2012-04-04 11:27:54 +10:00