aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Introduced the protocol->jail binary packet.feature/jail_packetlns2019-02-04
| | | | | | | | We are using a handler/callback functions to obtain additional information from the protocol handler and transmit it to the sandbox. Signed-off-by: lns <matzeton@googlemail.com>
* event buffer fill/drainlns2018-08-22
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* basic jail packet parsing functionslns2018-08-13
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* setup basic jail packet structs/funcsToni Uhlig2018-08-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* ssh login cache saves denied user/pass combinationsToni Uhlig2018-08-10
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* removed keyboard INTERACTIVE from auth methods and added PUBLICKEY (denies ↵Toni Uhlig2018-08-10
| | | | | | access atm) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* log notice if client wants to use AUTH_METHOD_NONE(1) e.g. when reading the ↵lns2018-08-10
| | | | | | ssh banner Signed-off-by: lns <matzeton@googlemail.com>
* potd --help example is now shell compatiblelns2018-08-10
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* user-namepsace: use macro instead of commenting out uid-mapping setuplns2018-08-10
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* use potd event buffer as epoll data instead of a fdlns2018-08-07
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* do not spam logs with nonexistant files/dirs while trying to disable thoselns2018-08-07
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* additional autoconf check for ambient raise securebit to support kernels ↵Toni Uhlig2018-08-02
| | | | | | prior 4.3 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* set PR_SET_SECUREBITS and PR_SET_NO_NEW_PRIVSlns2018-08-02
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* Merge branch 'master' of ssh://127.0.0.1:2223/git/potdlns2018-07-23
|\
| * fixed/ignore coverity errors/false-positivesToni Uhlig2018-07-20
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * gitlab/travis: run cppcheck only in ./src, disabled potd --test as it is not ↵Toni Uhlig2018-07-20
| | | | | | | | | | | | properly functioning in docker env's Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * added TODO regarding gitlab/travis problemsToni Uhlig2018-07-20
| | | | | | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| * fixed typo, temporarily disabled selftest functions (for some reason they ↵Toni Uhlig2018-07-20
| | | | | | | | | | | | dont work on CI) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* | force flawfinder to ignore false-positives for correctly used functions such ↵lns2018-07-23
|/ | | | | | as realpath, snprintf, vsnprintf, etc Signed-off-by: lns <matzeton@googlemail.com>
* added compat module and functionslns2018-07-19
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* ArchLinux: fixed compiler warnings (libc functions marked withlns2018-07-18
| | | | | | warn_unused_result) Signed-off-by: lns <matzeton@googlemail.com>
* Coverity CID 301785: check return value of remove() although it is not necessaryToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301781: fixed wrong if clause for socket() return value checkToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301775: check for valid fd before close()Toni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301780: fixed missing break (that was on purpose by the dev but ↵Toni Uhlig2018-07-18
| | | | | | obv it does not make sense) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301773: out-of-bounds array access fixed (false positive anyway)Toni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301774: do not call any log function after chroot but before ↵Toni Uhlig2018-07-18
| | | | | | chdir("/") Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301779: check return value of chmod()Toni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301779: fixed fd leakToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Copyright info updatedToni Uhlig2018-07-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Coverity CID 301781: fixed resource leak when ioctl failsToni Uhlig2018-07-17
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* selftest: test jail/sandbox during startup or with --testlns2018-07-17
| | | | Signed-off-by: lns <matzeton@googlemail.com>
* selftest: check existence of additional directoriesToni Uhlig2018-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* selftest: print detailed error if file/dir checks failToni Uhlig2018-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* selftest: added valgrind check and print warningToni Uhlig2018-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* more copyright informationsToni Uhlig2018-07-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* updated copyright informationsToni Uhlig2018-07-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added logging priority 'PROTOCOL' for protocol speicific dataToni Uhlig2018-06-28
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* zero out mmap'd memoryToni Uhlig2018-06-28
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* protocol ssh max session limitToni Uhlig2018-06-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* protocol ssh login cache [+] login probabilityToni Uhlig2018-06-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* logging pid rjustToni Uhlig2018-06-25
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* improved daemon multi process (exit) signal handling e.g. do not send double ↵Toni Uhlig2018-06-25
| | | | | | SIGTERMs/SIGHUPs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fixed long-term libssh pki-keygen bug, EMPTY PASSPHRASE is NOT an EMPTY ↵Toni Uhlig2018-06-25
| | | | | | STRING ("") instead it is a NULL-Pointer if libssh version >0.7.3 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* libseccomp is now optional but still recommendedToni Uhlig2018-06-25
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* improved debug output while changing user/groupToni Uhlig2018-06-24
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* BUG: replaced pthread_detach with pthread_attr_setdetachstate to fix ↵Toni Uhlig2018-06-24
| | | | | | possible SIGSEGVs on ARM platforms Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added backtrace support on SIGSEGVToni Uhlig2018-06-24
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added seccomp blacklisted syscalls: ioperm, ioplToni Uhlig2018-06-24
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* fixed buffer overwrite by libc functions basename/dirname, open(...) should ↵Toni Uhlig2018-06-24
| | | | | | set mode to 0 instead of ignoring it Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.