/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */
/*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef SANDBOX_RLIMIT

#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/resource.h>

#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"

/*
 * Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits.
 *
 * All it does is stop the child from *acquiring* new resources: it can
 * open no further descriptors, create no processes and grow no file.
 * It does not restrict which system calls the child may make, and
 * descriptors the child already holds keep working.
 */

struct ssh_sandbox {
	pid_t child_pid;	/* pid of the sandboxed child; 0 until recorded */
};

/*
 * Allocate the sandbox handle.
 *
 * This sandbox needs no real state of its own, but the ssh_sandbox_*
 * API expects a non-NULL handle, so a small zero-filled object is
 * returned. The caller owns it and releases it with
 * ssh_sandbox_parent_finish().
 */
struct ssh_sandbox *
ssh_sandbox_init(void)
{
	struct ssh_sandbox *box = xcalloc(1, sizeof(*box));

	/* Explicit for readers; a calloc-style allocation already zeroes it. */
	box->child_pid = 0;
	debug3("%s: preparing rlimit sandbox", __func__);

	return box;
}

/*
 * Apply the sandbox inside the child.
 *
 * Both the soft and the hard limit are lowered to zero for file size,
 * open files and (where the platform has it) process count. Lowering
 * the hard limit is what makes this stick: an unprivileged process
 * cannot raise a hard limit again. NOTE(review): that only holds once
 * the child has dropped privileges; confirm the caller does so before
 * calling this.
 *
 * Any setrlimit() failure is fatal, since a child that continues
 * without the limits would be running outside its intended
 * containment. `box` is accepted for API symmetry and is not used.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	const struct rlimit rl_zero = { .rlim_cur = 0, .rlim_max = 0 };

	/* No more file growth. */
	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
		    __func__, strerror(errno));
	/* No more open descriptors (existing ones stay usable). */
	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
		    __func__, strerror(errno));
#ifdef HAVE_RLIMIT_NPROC
	/* No new processes, on platforms that expose this limit. */
	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
		    __func__, strerror(errno));
#endif
}

/*
 * Parent-side teardown: release the handle from ssh_sandbox_init().
 * `box` may be NULL, as free() tolerates it.
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	free(box);
	debug3("%s: finished", __func__);
}

/*
 * Parent-side hook after the child has been started: record the child's
 * pid, which is the only state this sandbox keeps. Nothing else is
 * required of the parent for the rlimit sandbox.
 */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	box->child_pid = child_pid;
}

#endif /* SANDBOX_RLIMIT */