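/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */
/*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef SANDBOX_RLIMIT

#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/resource.h>

#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "log.h"
#include "ssh-sandbox.h"
#include "xmalloc.h"

/*
 * Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits.
 *
 * The whole mechanism lives in ssh_sandbox_child(): both the soft and the
 * hard limit of each resource are set to zero, so an unprivileged child
 * cannot raise them again.  Nothing beyond these three rlimits is
 * restricted in this file; in particular no system-call filtering takes
 * place here.
 */

/* Opaque sandbox handle; the only state kept is the preauth child's pid. */
struct ssh_sandbox {
	pid_t child_pid;	/* set by ssh_sandbox_parent_preauth() */
};

/*
 * Allocate a sandbox handle in the parent.
 *
 * Returns a zero-filled handle (xcalloc() is fatal on allocation failure).
 * Ownership passes to the caller, who releases it with
 * ssh_sandbox_parent_finish().
 */
struct ssh_sandbox *
ssh_sandbox_init(void)
{
	struct ssh_sandbox *box;

	/*
	 * Strictly, we don't need to maintain any state here but we need
	 * to return non-NULL to satisfy the API.
	 */
	debug3("%s: preparing rlimit sandbox", __func__);
	box = xcalloc(1, sizeof(*box));	/* child_pid starts out as 0 */

	return box;
}

/*
 * Enter the sandbox in the child.
 *
 * Each setrlimit() failure is fatal: continuing without the limits would
 * silently run the child unconfined.  The handle is not consulted by this
 * backend.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	struct rlimit rl_zero;

	(void)box;	/* no per-child state is needed for rlimits */

	rl_zero.rlim_cur = rl_zero.rlim_max = 0;

#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
	/* No file may grow past zero bytes. */
	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
		    __func__, strerror(errno));
#endif
	/* No new descriptors may be opened; descriptors already open stay usable. */
	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
		    __func__, strerror(errno));
#ifdef HAVE_RLIMIT_NPROC
	/* No new processes may be created (where the platform supports it). */
	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
		    __func__, strerror(errno));
#endif
}

/*
 * Release the handle in the parent once the child is done.
 * Accepts NULL (free() of NULL is a no-op).
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	free(box);
	debug3("%s: finished", __func__);
}

/*
 * Record the pid of the preauth child in the parent's handle.
 * box must be a handle returned by ssh_sandbox_init().
 */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	box->child_pid = child_pid;
}

#endif /* SANDBOX_RLIMIT */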