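/*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef SANDBOX_DARWIN

#include <sys/types.h>
#include <sys/resource.h>	/* struct rlimit, setrlimit(), RLIMIT_* */

#include <sandbox.h>

#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "log.h"
#include "sandbox.h"
#include "xmalloc.h"

/*
 * Darwin/OS X sandbox.
 *
 * The child is confined with the system sandbox_init(3) "pure
 * computation" named profile and then further restricted with zero
 * resource limits; see ssh_sandbox_child() for the reasoning.
 */

struct ssh_sandbox {
	pid_t child_pid;	/* pid of the sandboxed child; 0 until recorded */
};

/*
 * Allocate the per-sandbox state used by the parent.
 *
 * Strictly, we don't need to maintain any state here but we need
 * to return non-NULL to satisfy the API.  The returned object is owned
 * by the caller and is released by ssh_sandbox_parent_finish().
 * 'monitor' is not used on this platform.
 */
struct ssh_sandbox *
ssh_sandbox_init(struct monitor *monitor)
{
	struct ssh_sandbox *box;

	debug3("%s: preparing Darwin sandbox", __func__);
	box = xcalloc(1, sizeof(*box));
	box->child_pid = 0;

	return box;
}

/*
 * Confine the calling process (the sandboxed child).
 *
 * Every failure is fatal: the process exits rather than continuing with
 * a weaker-than-intended confinement.  'box' is not needed here.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	char *errmsg;
	struct rlimit rl_zero;

	debug3("%s: starting Darwin sandbox", __func__);
	/*
	 * errmsg is only set by sandbox_init() on failure; fatal() exits,
	 * so it is never released with sandbox_free_error().
	 */
	if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
	    &errmsg) == -1)
		fatal("%s: sandbox_init: %s", __func__, errmsg);

	/*
	 * The kSBXProfilePureComputation still allows sockets, so
	 * we must disable these using rlimit.  A zero RLIMIT_NOFILE
	 * stops the process from obtaining any new descriptor (sockets
	 * included) while leaving already-open ones usable; a zero
	 * RLIMIT_FSIZE blocks file writes and a zero RLIMIT_NPROC blocks
	 * fork().  Both soft and hard limits are set to zero so the
	 * limits cannot be raised again.
	 */
	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
		    __func__, strerror(errno));
	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
		    __func__, strerror(errno));
	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
		    __func__, strerror(errno));
}

/*
 * Release the state allocated by ssh_sandbox_init(); called in the
 * parent once the sandboxed child is finished with.
 */
void
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
{
	free(box);
	debug3("%s: finished", __func__);
}

/*
 * Record the pid of the sandboxed pre-authentication child in the
 * parent's state.  'box' must be a pointer returned by ssh_sandbox_init().
 */
void
ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
{
	box->child_pid = child_pid;
}

#endif /* SANDBOX_DARWIN */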