aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorbdrewery <bdrewery@FreeBSD.org>2013-05-17 22:36:34 +0800
committerbdrewery <bdrewery@FreeBSD.org>2013-05-17 22:36:34 +0800
commit129832b89905c6ea415529af03c252e950d777cb (patch)
treeec410727874f48222d3b474e92e9f28db1bcb353 /security
parent134a0b3e4343e4c26aef6acd9ba1e1659e6a9adc (diff)
downloadfreebsd-ports-gnome-129832b89905c6ea415529af03c252e950d777cb.tar.gz
freebsd-ports-gnome-129832b89905c6ea415529af03c252e950d777cb.tar.zst
freebsd-ports-gnome-129832b89905c6ea415529af03c252e950d777cb.zip
- Bring in r199804 and r206397 from base to avoid killing sshd in
high-pressure swapping environments
Diffstat (limited to 'security')
-rw-r--r--security/openssh-portable/files/patch-sshd.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/security/openssh-portable/files/patch-sshd.c b/security/openssh-portable/files/patch-sshd.c
index 08514d4eec49..17c74f2b06dc 100644
--- a/security/openssh-portable/files/patch-sshd.c
+++ b/security/openssh-portable/files/patch-sshd.c
@@ -8,8 +8,40 @@ configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
+r199804 | attilio | 2009-11-25 09:12:24 -0600 (Wed, 25 Nov 2009) | 13 lines
+Changed paths:
+ M /head/crypto/openssh/sshd.c
+ M /head/usr.sbin/cron/cron/cron.c
+ M /head/usr.sbin/inetd/inetd.c
+ M /head/usr.sbin/syslogd/syslogd.c
+
+Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
+environments.
+Please note that this can't be done while such processes run in jails.
+
+Note: in future it would be interesting to find a way to do that
+selectively for any desired proccess (choosen by user himself), probabilly
+via a ptrace interface or whatever.
+
+r206397 | kib | 2010-04-08 07:07:40 -0500 (Thu, 08 Apr 2010) | 8 lines
+Changed paths:
+ M /head/crypto/openssh/sshd.c
+
+Enhance r199804 by marking the daemonised child as immune to OOM instead
+of short-living parent. Only mark the master process that accepts
+connections, do not protect connection handlers spawned from inetd.
+
+
--- sshd.c.orig 2010-04-15 23:56:22.000000000 -0600
+++ sshd.c 2010-09-14 16:14:13.000000000 -0600
+@@ -46,6 +46,7 @@
+
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
++#include <sys/mman.h>
+ #include <sys/socket.h>
+ #ifdef HAVE_SYS_STAT_H
+ # include <sys/stat.h>
@@ -83,6 +83,13 @@
#include <prot.h>
#endif
@@ -24,6 +56,17 @@ Submitted by: dinoex
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
+@@ -1823,6 +1824,10 @@
+ /* Reinitialize the log (because of the fork above). */
+ log_init(__progname, options.log_level, options.log_facility, log_stderr);
+
++ /* Avoid killing the process in high-pressure swapping environments. */
++ if (!inetd_flag && madvise(NULL, 0, MADV_PROTECT) != 0)
++ debug("madvise(): %.200s", strerror(errno));
++
+ /* Initialize the random number generator. */
+ arc4random_stir();
+
@@ -1864,6 +1871,29 @@
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);