11c188a7fSPeter Avalos /* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */
21c188a7fSPeter Avalos /*
31c188a7fSPeter Avalos  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
41c188a7fSPeter Avalos  *
51c188a7fSPeter Avalos  * Permission to use, copy, modify, and distribute this software for any
61c188a7fSPeter Avalos  * purpose with or without fee is hereby granted, provided that the above
71c188a7fSPeter Avalos  * copyright notice and this permission notice appear in all copies.
81c188a7fSPeter Avalos  *
91c188a7fSPeter Avalos  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
101c188a7fSPeter Avalos  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
111c188a7fSPeter Avalos  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
121c188a7fSPeter Avalos  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
131c188a7fSPeter Avalos  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
141c188a7fSPeter Avalos  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
151c188a7fSPeter Avalos  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
161c188a7fSPeter Avalos  */
171c188a7fSPeter Avalos 
181c188a7fSPeter Avalos #include "includes.h"
191c188a7fSPeter Avalos 
201c188a7fSPeter Avalos #ifdef SANDBOX_RLIMIT
211c188a7fSPeter Avalos 
221c188a7fSPeter Avalos #include <sys/types.h>
231c188a7fSPeter Avalos #include <sys/param.h>
241c188a7fSPeter Avalos #include <sys/time.h>
251c188a7fSPeter Avalos #include <sys/resource.h>
261c188a7fSPeter Avalos 
271c188a7fSPeter Avalos #include <errno.h>
281c188a7fSPeter Avalos #include <stdarg.h>
291c188a7fSPeter Avalos #include <stdio.h>
301c188a7fSPeter Avalos #include <stdlib.h>
311c188a7fSPeter Avalos #include <string.h>
321c188a7fSPeter Avalos #include <unistd.h>
331c188a7fSPeter Avalos 
341c188a7fSPeter Avalos #include "log.h"
351c188a7fSPeter Avalos #include "ssh-sandbox.h"
361c188a7fSPeter Avalos #include "xmalloc.h"
371c188a7fSPeter Avalos 
381c188a7fSPeter Avalos /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
391c188a7fSPeter Avalos 
/*
 * Per-sandbox state handed back by ssh_sandbox_init().  The rlimit backend
 * needs none of it: child_pid is filled in by ssh_sandbox_parent_preauth()
 * but is not read anywhere in this file.
 */
struct ssh_sandbox {
	pid_t child_pid;	/* pid of the sandboxed child; 0 until the parent records it */
};
431c188a7fSPeter Avalos 
/*
 * Allocate the sandbox handle in the parent, before the pre-auth child is
 * forked.  Nothing has to be prepared for the rlimit backend -- the limits
 * are applied later, inside the child, by ssh_sandbox_child() -- so the
 * only purpose of this function is to hand back a non-NULL handle as the
 * ssh-sandbox.h API requires.  Ownership passes to the caller, which
 * releases the handle with ssh_sandbox_parent_finish().  xcalloc() is
 * expected to abort rather than return NULL, so no NULL check is done here.
 */
struct ssh_sandbox *
ssh_sandbox_init(void)
{
	debug3("%s: preparing rlimit sandbox", __func__);

	struct ssh_sandbox *sb = xcalloc(1, sizeof(*sb));
	/* Already zeroed by xcalloc(); spelled out to make "no child yet" explicit. */
	sb->child_pid = 0;

	return sb;
}
591c188a7fSPeter Avalos 
/*
 * Confine the freshly forked pre-auth child by clamping its resource
 * limits to zero.  With both the soft and the hard limit at 0 the child
 * can no longer open or create descriptors (RLIMIT_NOFILE), extend files
 * (RLIMIT_FSIZE, unless the build defines SANDBOX_SKIP_RLIMIT_FSIZE) or
 * spawn processes (RLIMIT_NPROC, on platforms that have it), and an
 * unprivileged process cannot raise a hard limit again.  Descriptors that
 * are already open stay usable: rlimits stop the acquisition of new
 * resources, they do not filter system calls.  Every setrlimit() failure
 * is fatal rather than logged, so the child never carries on only partly
 * sandboxed.  `box` is accepted for API symmetry and not used.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	struct rlimit none = { .rlim_cur = 0, .rlim_max = 0 };

#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
	if (setrlimit(RLIMIT_FSIZE, &none) != 0)
		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
			__func__, strerror(errno));
#endif
	if (setrlimit(RLIMIT_NOFILE, &none) != 0)
		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
			__func__, strerror(errno));
#ifdef HAVE_RLIMIT_NPROC
	if (setrlimit(RLIMIT_NPROC, &none) != 0)
		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
			__func__, strerror(errno));
#endif
}
811c188a7fSPeter Avalos 
/*
 * Release the handle obtained from ssh_sandbox_init() once the parent is
 * done with the sandboxed child.  There is nothing to undo on the kernel
 * side: the rlimits were applied inside the child and vanish with it.
 * `box` must not be touched by the caller after this returns.
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	free(box);	/* free(NULL) is a no-op, so no guard is needed */
	debug3("%s: finished", __func__);
}
881c188a7fSPeter Avalos 
/*
 * Record, in the parent, the pid of the child that is now running under
 * the sandbox.  The rlimit backend takes no action on it and never reads
 * it back; presumably the hook exists to match the other sandbox backends
 * behind ssh-sandbox.h.
 */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	box->child_pid = child_pid;	/* bookkeeping only */
}
941c188a7fSPeter Avalos 
951c188a7fSPeter Avalos #endif /* SANDBOX_RLIMIT */