vishalmishra434 / rpms / openssh

Forked from rpms/openssh 3 months ago
Clone
Jan F. Chadima c870e6
diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in
Jan F. Chadima 28b0dc
--- openssh-5.9p1/Makefile.in.sesandbox	2011-09-19 04:10:05.706521484 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/Makefile.in	2011-09-19 04:10:15.092646473 +0200
Jan F. Chadima c870e6
@@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
Jan F. Chadima c870e6
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
Jan F. Chadima c870e6
 	sftp-server.o sftp-common.o \
Jan F. Chadima c870e6
 	roaming_common.o roaming_serv.o \
Jan F. Chadima c870e6
-	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
Jan F. Chadima c870e6
+	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-selinux.o
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
 MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
Jan F. Chadima c870e6
 MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
Jan F. Chadima c870e6
diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
Jan F. Chadima c870e6
--- openssh-5.9p1/configure.ac.sesandbox	2011-08-18 06:48:24.000000000 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/configure.ac	2011-09-19 04:10:15.193521356 +0200
Jan F. Chadima c870e6
@@ -2476,7 +2476,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
Jan F. Chadima c870e6
 # Decide which sandbox style to use
Jan F. Chadima c870e6
 sandbox_arg=""
Jan F. Chadima c870e6
 AC_ARG_WITH([sandbox],
Jan F. Chadima c870e6
-	[  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
Jan F. Chadima c870e6
+	[  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace, selinux)],
Jan F. Chadima c870e6
 	[
Jan F. Chadima c870e6
 		if test "x$withval" = "xyes" ; then
Jan F. Chadima c870e6
 			sandbox_arg=""
Jan F. Chadima c870e6
@@ -2499,6 +2499,10 @@ elif test "x$sandbox_arg" = "xdarwin" ||
Jan F. Chadima c870e6
 		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
Jan F. Chadima c870e6
 	SANDBOX_STYLE="darwin"
Jan F. Chadima c870e6
 	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
Jan F. Chadima cff1d0
+elif test "x$sandbox_arg" = "xselinux"  || \
Jan F. Chadima c870e6
+    test "x$WITH_SELINUX" = "x1"; then
Jan F. Chadima c870e6
+	SANDBOX_STYLE="selinux"
Jan F. Chadima c870e6
+	AC_DEFINE([SANDBOX_SELINUX], [1], [Sandbox using selinux(8)])
Jan F. Chadima c870e6
 elif test "x$sandbox_arg" = "xrlimit" || \
Jan F. Chadima c870e6
      ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
Jan F. Chadima c870e6
 	test "x$ac_cv_func_setrlimit" != "xyes" && \
Jan F. Chadima c870e6
diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openbsd-compat/port-linux.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox	2011-09-19 04:10:14.731521450 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/openbsd-compat/port-linux.c	2011-09-19 04:10:15.292521265 +0200
Jan F. Chadima c870e6
@@ -459,24 +459,24 @@ ssh_selinux_setup_pty(char *pwname, cons
Jan F. Chadima c870e6
 	debug3("%s: done", __func__);
Jan F. Chadima c870e6
 }
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
-void
Jan F. Chadima c870e6
+int
Jan F. Chadima c870e6
 ssh_selinux_change_context(const char *newname)
Jan F. Chadima c870e6
 {
Jan F. Chadima c870e6
-	int len, newlen;
Jan F. Chadima c870e6
+	int len, newlen, rv = -1;
Jan F. Chadima c870e6
 	char *oldctx, *newctx, *cx;
Jan F. Chadima c870e6
 	void (*switchlog) (const char *fmt,...) = logit;
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
 	if (!ssh_selinux_enabled())
Jan F. Chadima c870e6
-		return;
Jan F. Chadima c870e6
+		return -2;
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
 	if (getcon((security_context_t *)&oldctx) < 0) {
Jan F. Chadima c870e6
 		logit("%s: getcon failed with %s", __func__, strerror(errno));
Jan F. Chadima c870e6
-		return;
Jan F. Chadima c870e6
+		return -1;
Jan F. Chadima c870e6
 	}
Jan F. Chadima c870e6
 	if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
Jan F. Chadima c870e6
 	    NULL) {
Jan F. Chadima c870e6
 		logit ("%s: unparseable context %s", __func__, oldctx);
Jan F. Chadima c870e6
-		return;
Jan F. Chadima c870e6
+		return -1;
Jan F. Chadima c870e6
 	}
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
 	/*
Jan F. Chadima c870e6
@@ -484,8 +484,10 @@ ssh_selinux_change_context(const char *n
Jan F. Chadima c870e6
 	 * security context.
Jan F. Chadima c870e6
 	 */
Jan F. Chadima c870e6
 	if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
Jan F. Chadima c870e6
-	    sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
Jan F. Chadima c870e6
+	    sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) {
Jan F. Chadima c870e6
 		switchlog = debug3;
Jan F. Chadima c870e6
+		rv = -2;
Jan F. Chadima c870e6
+	}
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
 	newlen = strlen(oldctx) + strlen(newname) + 1;
Jan F. Chadima c870e6
 	newctx = xmalloc(newlen);
Jan F. Chadima c870e6
@@ -499,8 +501,11 @@ ssh_selinux_change_context(const char *n
Jan F. Chadima c870e6
 	if (setcon(newctx) < 0)
Jan F. Chadima c870e6
 		switchlog("%s: setcon %s from %s failed with %s", __func__,
Jan F. Chadima c870e6
 		    newctx, oldctx, strerror(errno));
Jan F. Chadima c870e6
+	else
Jan F. Chadima c870e6
+		rv = 0;
Jan F. Chadima c870e6
 	xfree(oldctx);
Jan F. Chadima c870e6
 	xfree(newctx);
Jan F. Chadima c870e6
+	return rv;
Jan F. Chadima c870e6
 }
Jan F. Chadima c870e6
 
Jan F. Chadima c870e6
 void
Jan F. Chadima c870e6
diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openbsd-compat/port-linux.h
Jan F. Chadima 28b0dc
--- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox	2011-09-19 04:10:14.817647868 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/openbsd-compat/port-linux.h	2011-09-19 04:10:15.401648009 +0200
Jan F. Chadima c870e6
@@ -23,7 +23,7 @@
Jan F. Chadima c870e6
 int ssh_selinux_enabled(void);
Jan F. Chadima c870e6
 void ssh_selinux_setup_pty(char *, const char *);
Jan F. Chadima c870e6
 void ssh_selinux_setup_exec_context(char *);
Jan F. Chadima c870e6
-void ssh_selinux_change_context(const char *);
Jan F. Chadima c870e6
+int ssh_selinux_change_context(const char *);
Jan F. Chadima c870e6
 void ssh_selinux_chopy_context(void);
Jan F. Chadima c870e6
 void ssh_selinux_setfscreatecon(const char *);
Jan F. Chadima c870e6
 #endif
Jan F. Chadima 28b0dc
diff -up openssh-5.9p1/sandbox-darwin.c.sesandbox openssh-5.9p1/sandbox-darwin.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/sandbox-darwin.c.sesandbox	2011-06-26 23:18:21.000000000 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/sandbox-darwin.c	2011-09-19 04:10:15.490523231 +0200
Jan F. Chadima 28b0dc
@@ -83,6 +83,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
Jan F. Chadima 28b0dc
 }
Jan F. Chadima 28b0dc
 
Jan F. Chadima 28b0dc
 void
Jan F. Chadima 28b0dc
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
+{
Jan F. Chadima 28b0dc
+	/* empty */
Jan F. Chadima 28b0dc
+}
Jan F. Chadima 28b0dc
+
Jan F. Chadima 28b0dc
+void
Jan F. Chadima 28b0dc
 ssh_sandbox_parent_finish(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
 {
Jan F. Chadima 28b0dc
 	free(box);
Jan F. Chadima 28b0dc
diff -up openssh-5.9p1/sandbox-null.c.sesandbox openssh-5.9p1/sandbox-null.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/sandbox-null.c.sesandbox	2011-06-23 11:45:51.000000000 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/sandbox-null.c	2011-09-19 04:10:15.599458687 +0200
Jan F. Chadima 28b0dc
@@ -58,6 +58,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
Jan F. Chadima 28b0dc
 }
Jan F. Chadima 28b0dc
 
Jan F. Chadima 28b0dc
 void
Jan F. Chadima 28b0dc
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
+{
Jan F. Chadima 28b0dc
+	/* empty */
Jan F. Chadima 28b0dc
+}
Jan F. Chadima 28b0dc
+
Jan F. Chadima 28b0dc
+void
Jan F. Chadima 28b0dc
 ssh_sandbox_parent_finish(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
 {
Jan F. Chadima 28b0dc
 	free(box);
Jan F. Chadima 28b0dc
diff -up openssh-5.9p1/sandbox-rlimit.c.sesandbox openssh-5.9p1/sandbox-rlimit.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/sandbox-rlimit.c.sesandbox	2011-06-23 11:45:51.000000000 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/sandbox-rlimit.c	2011-09-19 04:10:16.077647289 +0200
Jan F. Chadima 28b0dc
@@ -78,6 +78,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
Jan F. Chadima 28b0dc
 }
Jan F. Chadima 28b0dc
 
Jan F. Chadima 28b0dc
 void
Jan F. Chadima 28b0dc
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
+{
Jan F. Chadima 28b0dc
+	/* empty */
Jan F. Chadima 28b0dc
+}
Jan F. Chadima 28b0dc
+
Jan F. Chadima 28b0dc
+void
Jan F. Chadima 28b0dc
 ssh_sandbox_parent_finish(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
 {
Jan F. Chadima 28b0dc
 	free(box);
Jan F. Chadima c870e6
diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/sandbox-selinux.c.sesandbox	2011-09-19 04:10:16.179526059 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/sandbox-selinux.c	2011-09-19 04:39:00.058646230 +0200
Jan F. Chadima 28b0dc
@@ -0,0 +1,122 @@
Jan F. Chadima c870e6
+/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
Jan F. Chadima c870e6
+ 
Jan F. Chadima c870e6
+/*
Jan F. Chadima c870e6
+ * Copyright 2011 Red Hat, Inc.  All rights reserved.
Jan F. Chadima c870e6
+ * Use is subject to license terms.
Jan F. Chadima c870e6
+ *
Jan F. Chadima c870e6
+ * Redistribution and use in source and binary forms, with or without
Jan F. Chadima c870e6
+ * modification, are permitted provided that the following conditions
Jan F. Chadima c870e6
+ * are met:
Jan F. Chadima c870e6
+ * 1. Redistributions of source code must retain the above copyright
Jan F. Chadima c870e6
+ *    notice, this list of conditions and the following disclaimer.
Jan F. Chadima c870e6
+ * 2. Redistributions in binary form must reproduce the above copyright
Jan F. Chadima c870e6
+ *    notice, this list of conditions and the following disclaimer in the
Jan F. Chadima c870e6
+ *    documentation and/or other materials provided with the distribution.
Jan F. Chadima c870e6
+ *
Jan F. Chadima c870e6
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
Jan F. Chadima c870e6
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
Jan F. Chadima c870e6
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Jan F. Chadima c870e6
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
Jan F. Chadima c870e6
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
Jan F. Chadima c870e6
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
Jan F. Chadima c870e6
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
Jan F. Chadima c870e6
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
Jan F. Chadima c870e6
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
Jan F. Chadima c870e6
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Jan F. Chadima c870e6
+ *
Jan F. Chadima c870e6
+ * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
Jan F. Chadima c870e6
+ */
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+#include "includes.h"
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+#ifdef SANDBOX_SELINUX
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+#include <sys/types.h>
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+#include <errno.h>
Jan F. Chadima c870e6
+#include <stdarg.h>
Jan F. Chadima c870e6
+#include <stdio.h>
Jan F. Chadima c870e6
+#include <stdlib.h>
Jan F. Chadima c870e6
+#include <string.h>
Jan F. Chadima c870e6
+#include <unistd.h>
Jan F. Chadima cff1d0
+#include <sys/resource.h>
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+#include "log.h"
Jan F. Chadima c870e6
+#include "ssh-sandbox.h"
Jan F. Chadima c870e6
+#include "xmalloc.h"
Jan F. Chadima cff1d0
+#include "openbsd-compat/port-linux.h"
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+/* selinux based sandbox */
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+struct ssh_sandbox {
Jan F. Chadima c870e6
+	pid_t child_pid;
Jan F. Chadima c870e6
+};
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+struct ssh_sandbox *
Jan F. Chadima c870e6
+ssh_sandbox_init(void)
Jan F. Chadima c870e6
+{
Jan F. Chadima c870e6
+	struct ssh_sandbox *box;
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+	/*
Jan F. Chadima c870e6
+	 * Strictly, we don't need to maintain any state here but we need
Jan F. Chadima c870e6
+	 * to return non-NULL to satisfy the API.
Jan F. Chadima c870e6
+	 */
Jan F. Chadima 28b0dc
+	debug3("selinux sandbox init");
Jan F. Chadima c870e6
+	box = xcalloc(1, sizeof(*box));
Jan F. Chadima c870e6
+	box->child_pid = 0;
Jan F. Chadima c870e6
+	return box;
Jan F. Chadima c870e6
+}
Jan F. Chadima c870e6
+
Jan F. Chadima 28b0dc
+void
Jan F. Chadima 28b0dc
+ssh_sandbox_child(struct ssh_sandbox *box)
Jan F. Chadima c870e6
+{
Jan F. Chadima c870e6
+	struct rlimit rl_zero;
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
Jan F. Chadima c870e6
+		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
Jan F. Chadima c870e6
+			__func__, strerror(errno));
Jan F. Chadima c870e6
+	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
Jan F. Chadima c870e6
+		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
Jan F. Chadima c870e6
+			__func__, strerror(errno));
Jan F. Chadima c870e6
+#ifdef HAVE_RLIMIT_NPROC
Jan F. Chadima c870e6
+	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
Jan F. Chadima c870e6
+		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
Jan F. Chadima c870e6
+			__func__, strerror(errno));
Jan F. Chadima c870e6
+#endif
Jan F. Chadima c870e6
+}
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+void
Jan F. Chadima 28b0dc
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
Jan F. Chadima c870e6
+{
Petr Lautrbach 338e71
+	switch (ssh_selinux_change_context("sshd_net_t")) {
Jan F. Chadima c870e6
+	case 0:
Jan F. Chadima 28b0dc
+		debug3("selinux sandbox child sucessfully enabled");
Jan F. Chadima c870e6
+		break;
Jan F. Chadima c870e6
+	case -2:
Jan F. Chadima 28b0dc
+		logit("selinux sandbox not useful");
Jan F. Chadima c870e6
+		break;
Jan F. Chadima c870e6
+	case -1:
Jan F. Chadima c870e6
+		fatal("cannot set up selinux sandbox");
Jan F. Chadima c870e6
+	default:
Jan F. Chadima c870e6
+		fatal("inmternal error in selinux sandbox");
Jan F. Chadima c870e6
+	}
Jan F. Chadima c870e6
+}
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+void
Jan F. Chadima c870e6
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
Jan F. Chadima c870e6
+{
Jan F. Chadima c870e6
+	free(box);
Jan F. Chadima c870e6
+	debug3("%s: finished", __func__);
Jan F. Chadima c870e6
+}
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+void
Jan F. Chadima c870e6
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
Jan F. Chadima c870e6
+{
Jan F. Chadima 28b0dc
+	debug3("selinux sandbox parent sucessfully enabled");
Jan F. Chadima c870e6
+	box->child_pid = child_pid;
Jan F. Chadima c870e6
+}
Jan F. Chadima c870e6
+
Jan F. Chadima c870e6
+#endif /* SANDBOX_NULL */
Jan F. Chadima 28b0dc
diff -up openssh-5.9p1/sandbox-systrace.c.sesandbox openssh-5.9p1/sandbox-systrace.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/sandbox-systrace.c.sesandbox	2011-08-05 22:16:23.000000000 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/sandbox-systrace.c	2011-09-19 04:10:16.268646532 +0200
Jan F. Chadima 28b0dc
@@ -109,6 +109,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo
Jan F. Chadima 28b0dc
 	close(box->child_sock);
Jan F. Chadima 28b0dc
 }
Jan F. Chadima 28b0dc
 
Jan F. Chadima 28b0dc
+void
Jan F. Chadima 28b0dc
+ssh_sandbox_privileged_child(struct ssh_sandbox *box)
Jan F. Chadima 28b0dc
+{
Jan F. Chadima 28b0dc
+	/* empty */
Jan F. Chadima 28b0dc
+}
Jan F. Chadima 28b0dc
+
Jan F. Chadima 28b0dc
 static void
Jan F. Chadima 28b0dc
 ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
Jan F. Chadima 28b0dc
     const struct sandbox_policy *allowed_syscalls)
Jan F. Chadima 28b0dc
diff -up openssh-5.9p1/ssh-sandbox.h.sesandbox openssh-5.9p1/ssh-sandbox.h
Jan F. Chadima 28b0dc
--- openssh-5.9p1/ssh-sandbox.h.sesandbox	2011-06-23 11:45:51.000000000 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/ssh-sandbox.h	2011-09-19 04:10:16.392523931 +0200
Jan F. Chadima 28b0dc
@@ -19,5 +19,6 @@ struct ssh_sandbox;
Jan F. Chadima 28b0dc
 
Jan F. Chadima 28b0dc
 struct ssh_sandbox *ssh_sandbox_init(void);
Jan F. Chadima 28b0dc
 void ssh_sandbox_child(struct ssh_sandbox *);
Jan F. Chadima 28b0dc
+void ssh_sandbox_privileged_child(struct ssh_sandbox *);
Jan F. Chadima 28b0dc
 void ssh_sandbox_parent_finish(struct ssh_sandbox *);
Jan F. Chadima 28b0dc
 void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
Jan F. Chadima 28b0dc
diff -up openssh-5.9p1/sshd.c.sesandbox openssh-5.9p1/sshd.c
Jan F. Chadima 28b0dc
--- openssh-5.9p1/sshd.c.sesandbox	2011-09-19 04:10:14.564467584 +0200
Jan F. Chadima 28b0dc
+++ openssh-5.9p1/sshd.c	2011-09-19 04:36:43.324520132 +0200
Jan F. Chadima 28b0dc
@@ -728,10 +730,12 @@ privsep_preauth(Authctxt *authctxt)
Jan F. Chadima 28b0dc
 		set_log_handler(mm_log_handler, pmonitor);
Jan F. Chadima 28b0dc
 
Jan F. Chadima 28b0dc
 		/* Demote the child */
Jan F. Chadima 28b0dc
-		if (getuid() == 0 || geteuid() == 0)
Jan F. Chadima 28b0dc
+		if (getuid() == 0 || geteuid() == 0) {
Jan F. Chadima 28b0dc
+			ssh_sandbox_privileged_child(box);
Jan F. Chadima 28b0dc
 			privsep_preauth_child();
Jan F. Chadima 28b0dc
+		}
Jan F. Chadima 28b0dc
 		setproctitle("%s", "[net]");
Jan F. Chadima 28b0dc
 		if (box != NULL) {
Jan F. Chadima 28b0dc
 			ssh_sandbox_child(box);
Jan F. Chadima 28b0dc
 			xfree(box);
Jan F. Chadima 28b0dc
 		}