xref: /dragonfly/crypto/openssh/sandbox-rlimit.c (revision 50a69bb5)
150a69bb5SSascha Wildner /* $OpenBSD: sandbox-rlimit.c,v 1.5 2020/10/18 11:32:01 djm Exp $ */
21c188a7fSPeter Avalos /*
31c188a7fSPeter Avalos  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
41c188a7fSPeter Avalos  *
51c188a7fSPeter Avalos  * Permission to use, copy, modify, and distribute this software for any
61c188a7fSPeter Avalos  * purpose with or without fee is hereby granted, provided that the above
71c188a7fSPeter Avalos  * copyright notice and this permission notice appear in all copies.
81c188a7fSPeter Avalos  *
91c188a7fSPeter Avalos  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
101c188a7fSPeter Avalos  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
111c188a7fSPeter Avalos  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
121c188a7fSPeter Avalos  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
131c188a7fSPeter Avalos  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
141c188a7fSPeter Avalos  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
151c188a7fSPeter Avalos  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
161c188a7fSPeter Avalos  */
171c188a7fSPeter Avalos 
181c188a7fSPeter Avalos #include "includes.h"
191c188a7fSPeter Avalos 
201c188a7fSPeter Avalos #ifdef SANDBOX_RLIMIT
211c188a7fSPeter Avalos 
221c188a7fSPeter Avalos #include <sys/types.h>
231c188a7fSPeter Avalos #include <sys/time.h>
241c188a7fSPeter Avalos #include <sys/resource.h>
251c188a7fSPeter Avalos 
261c188a7fSPeter Avalos #include <errno.h>
271c188a7fSPeter Avalos #include <stdarg.h>
281c188a7fSPeter Avalos #include <stdio.h>
291c188a7fSPeter Avalos #include <stdlib.h>
301c188a7fSPeter Avalos #include <string.h>
311c188a7fSPeter Avalos #include <unistd.h>
321c188a7fSPeter Avalos 
331c188a7fSPeter Avalos #include "log.h"
341c188a7fSPeter Avalos #include "ssh-sandbox.h"
351c188a7fSPeter Avalos #include "xmalloc.h"
361c188a7fSPeter Avalos 
371c188a7fSPeter Avalos /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
381c188a7fSPeter Avalos 
/*
 * Per-sandbox state handed back to the caller by ssh_sandbox_init().
 * The rlimit sandbox keeps nothing but the child's pid; within this file
 * the field is written but never read.
 */
struct ssh_sandbox {
	pid_t child_pid;	/* 0 until ssh_sandbox_parent_preauth() records it */
};
421c188a7fSPeter Avalos 
/*
 * Allocate the (nearly empty) state object for the rlimit sandbox.
 *
 * The monitor argument is not used by this backend.  The returned
 * object is released by ssh_sandbox_parent_finish().
 *
 * NOTE(review): the result of xcalloc() is dereferenced without a NULL
 * check; presumably xcalloc() does not return on allocation failure --
 * confirm against xmalloc.h.
 */
struct ssh_sandbox *
ssh_sandbox_init(struct monitor *monitor)
{
	struct ssh_sandbox *state;

	debug3_f("preparing rlimit sandbox");

	/*
	 * No state is strictly required by this backend, but the API
	 * contract expects a non-NULL handle, so hand back a small one.
	 */
	state = xcalloc(1, sizeof(*state));
	state->child_pid = 0;
	return state;
}
581c188a7fSPeter Avalos 
/*
 * Apply the sandbox to the calling (child) process by dropping resource
 * limits to zero.  Both the soft and the hard limit are set to 0 for:
 *
 *   RLIMIT_FSIZE   unless SANDBOX_SKIP_RLIMIT_FSIZE is defined
 *   RLIMIT_NOFILE  unless SANDBOX_SKIP_RLIMIT_NOFILE is defined
 *   RLIMIT_NPROC   only when HAVE_RLIMIT_NPROC is defined
 *
 * Any setrlimit() failure is fatal, so the child never continues with a
 * limit that could not be applied.  The box argument is not used.
 *
 * Security notes for reviewers:
 *  - Each limit is compiled in or out; a build that defines the SKIP
 *    macros (or lacks HAVE_RLIMIT_NPROC) silently runs without that
 *    restriction.  Audit the build configuration, not just this file.
 *  - Because the hard limit is also zeroed, an unprivileged process
 *    cannot raise the limit again afterwards.
 *  - RLIMIT_NOFILE constrains creation of new descriptors only;
 *    descriptors that are already open when this runs stay usable.
 *  - This is resource limiting, not system call filtering; it is the
 *    "minimal" sandbox described at the top of this file.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	/* Soft and hard limit both zero. */
	struct rlimit no_resources = { .rlim_cur = 0, .rlim_max = 0 };

#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
	/* Forbid growing any file. */
	if (setrlimit(RLIMIT_FSIZE, &no_resources) == -1) {
		fatal_f("setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
		    strerror(errno));
	}
#endif
#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
	/* Forbid obtaining new file descriptors. */
	if (setrlimit(RLIMIT_NOFILE, &no_resources) == -1) {
		fatal_f("setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
		    strerror(errno));
	}
#endif
#ifdef HAVE_RLIMIT_NPROC
	/* Forbid creating new processes. */
	if (setrlimit(RLIMIT_NPROC, &no_resources) == -1) {
		fatal_f("setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
		    strerror(errno));
	}
#endif
}
821c188a7fSPeter Avalos 
/*
 * Parent-side teardown: release the state object allocated by
 * ssh_sandbox_init().  The handle must not be used after this call.
 * Passing NULL is harmless, since free(NULL) is a no-op.
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	/* Release first, then log, keeping the original ordering. */
	free(box);
	debug3_f("finished");
}
891c188a7fSPeter Avalos 
/*
 * Parent-side hook invoked with the pid of the sandboxed child.
 * The rlimit backend simply records the pid in the state object;
 * nothing in this file reads it back.
 *
 * box must be a valid handle from ssh_sandbox_init(); it is
 * dereferenced without a NULL check.
 */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	(*box).child_pid = child_pid;
}
951c188a7fSPeter Avalos 
961c188a7fSPeter Avalos #endif /* SANDBOX_RLIMIT */