| sandbox-rlimit.c (247485) | sandbox-rlimit.c (263970) |
|---|---|
| 1/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */ 2/* 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * --- 28 unchanged lines hidden (view full) --- 37 38/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */ 39 40struct ssh_sandbox { 41 pid_t child_pid; 42}; 43 44struct ssh_sandbox * | 1/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */ 2/* 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * --- 28 unchanged lines hidden (view full) --- 37 38/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */ 39 40struct ssh_sandbox { 41 pid_t child_pid; 42}; 43 44struct ssh_sandbox * |
| 45ssh_sandbox_init(void) | 45ssh_sandbox_init(struct monitor *monitor) |
| 46{ 47 struct ssh_sandbox *box; 48 49 /* 50 * Strictly, we don't need to maintain any state here but we need 51 * to return non-NULL to satisfy the API. 52 */ 53 debug3("%s: preparing rlimit sandbox", __func__); --- 10 unchanged lines hidden (view full) --- 64 65 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 66 67#ifndef SANDBOX_SKIP_RLIMIT_FSIZE 68 if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) 69 fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", 70 __func__, strerror(errno)); 71#endif | 46{ 47 struct ssh_sandbox *box; 48 49 /* 50 * Strictly, we don't need to maintain any state here but we need 51 * to return non-NULL to satisfy the API. 52 */ 53 debug3("%s: preparing rlimit sandbox", __func__); --- 10 unchanged lines hidden (view full) --- 64 65 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 66 67#ifndef SANDBOX_SKIP_RLIMIT_FSIZE 68 if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) 69 fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", 70 __func__, strerror(errno)); 71#endif |
| 72#ifndef SANDBOX_SKIP_RLIMIT_NOFILE |
|
| 72 if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) 73 fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", 74 __func__, strerror(errno)); | 73 if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) 74 fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", 75 __func__, strerror(errno)); |
| 76#endif |
|
| 75#ifdef HAVE_RLIMIT_NPROC 76 if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) 77 fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", 78 __func__, strerror(errno)); 79#endif 80} 81 82void --- 13 unchanged lines hidden --- | 77#ifdef HAVE_RLIMIT_NPROC 78 if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) 79 fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", 80 __func__, strerror(errno)); 81#endif 82} 83 84void --- 13 unchanged lines hidden --- |