Merge upstream-master into master

Commit ecb2c02d994b3e21994f31a70ff911667c262f1f upstream

This nearly (but not quite) corresponds to V_8_3_P1; subsequent
cherry-picks will correct this.

Bug: 162492243
Change-Id: I3c079d86435b7c25aefff4538dc89a3002b1e25b

1 files changed, 25 insertions, 17 deletions

diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index f30e7057..e61d581a 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.14 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.18 2015/10/02 01:39:26 deraadt Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -36,7 +36,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <limits.h>
 
 #include "atomicio.h"
 #include "log.h"
@@ -50,7 +49,17 @@ struct sandbox_policy {
 
 /* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */
 static const struct sandbox_policy preauth_policy[] = {
-	{ SYS_open, SYSTR_POLICY_NEVER },
+	{ SYS_exit, SYSTR_POLICY_PERMIT },
+#ifdef SYS_kbind
+	{ SYS_kbind, SYSTR_POLICY_PERMIT },
+#endif
+
+	{ SYS_getpid, SYSTR_POLICY_PERMIT },
+	{ SYS_getpgid, SYSTR_POLICY_PERMIT },
+	{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
+	{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
+	{ SYS_nanosleep, SYSTR_POLICY_PERMIT },
+	{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
 
 #ifdef SYS_getentropy
 	/* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
@@ -59,26 +68,25 @@ static const struct sandbox_policy preauth_policy[] = {
 	/* Previous releases used sysctl(3)'s kern.arnd variable. */
 	{ SYS___sysctl, SYSTR_POLICY_PERMIT },
 #endif
-
 #ifdef SYS_sendsyslog
- 	{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
+	{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
 #endif
-	{ SYS_close, SYSTR_POLICY_PERMIT },
-	{ SYS_exit, SYSTR_POLICY_PERMIT },
-	{ SYS_getpid, SYSTR_POLICY_PERMIT },
-	{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
-	{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
+
 	{ SYS_madvise, SYSTR_POLICY_PERMIT },
 	{ SYS_mmap, SYSTR_POLICY_PERMIT },
 	{ SYS_mprotect, SYSTR_POLICY_PERMIT },
 	{ SYS_mquery, SYSTR_POLICY_PERMIT },
-	{ SYS_poll, SYSTR_POLICY_PERMIT },
 	{ SYS_munmap, SYSTR_POLICY_PERMIT },
-	{ SYS_read, SYSTR_POLICY_PERMIT },
+
+	{ SYS_poll, SYSTR_POLICY_PERMIT },
 	{ SYS_select, SYSTR_POLICY_PERMIT },
-	{ SYS_shutdown, SYSTR_POLICY_PERMIT },
-	{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
+	{ SYS_read, SYSTR_POLICY_PERMIT },
 	{ SYS_write, SYSTR_POLICY_PERMIT },
+	{ SYS_shutdown, SYSTR_POLICY_PERMIT },
+	{ SYS_close, SYSTR_POLICY_PERMIT },
+
+	{ SYS_open, SYSTR_POLICY_NEVER },
+
 	{ -1, -1 }
 };
 
@@ -97,7 +105,7 @@ ssh_sandbox_init(struct monitor *monitor)
 	box = xcalloc(1, sizeof(*box));
 	box->systrace_fd = -1;
 	box->child_pid = 0;
-	box->osigchld = signal(SIGCHLD, SIG_IGN);
+	box->osigchld = ssh_signal(SIGCHLD, SIG_IGN);
 
 	return box;
 }
@@ -106,7 +114,7 @@ void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
 	debug3("%s: ready", __func__);
-	signal(SIGCHLD, box->osigchld);
+	ssh_signal(SIGCHLD, box->osigchld);
 	if (kill(getpid(), SIGSTOP) != 0)
 		fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
 	debug3("%s: started", __func__);
@@ -125,7 +133,7 @@ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
 	do {
 		pid = waitpid(child_pid, &status, WUNTRACED);
 	} while (pid == -1 && errno == EINTR);
-	signal(SIGCHLD, box->osigchld);
+	ssh_signal(SIGCHLD, box->osigchld);
 	if (!WIFSTOPPED(status)) {
 		if (WIFSIGNALED(status))
 			fatal("%s: child terminated with signal %d",