dropbear: debug.h annotate

annotate debug.h @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.

author	Matt Johnston <matt@ucc.asn.au>
date	Sun, 30 Jan 2022 10:14:56 +0800
parents	3f80da5fe0b4
children	180e580778df

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24
1036 deed0571cacc DROPBEAR_ prefix for include guards to avoid collisions Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1015 diff changeset	25 #ifndef DROPBEAR_DEBUG_H_
deed0571cacc DROPBEAR_ prefix for include guards to avoid collisions Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1015 diff changeset	26 #define DROPBEAR_DEBUG_H_
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 /* Debugging */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32 /* Work well for valgrind - don't clear environment, be nicer with signals
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 * etc. Don't use this normally, it might cause problems */
659 1e0414b29ce9 Fix accidentally committed change Matt Johnston <matt@ucc.asn.au> parents: 658 diff changeset	34 /* #define DEBUG_VALGRIND */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 /* All functions writing to the cleartext payload buffer call
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	37 * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	38 * attempting to track down a problem */
343 ffbe6f691ca3 CHECKCLEARTOWRITE() can normally be defined blank Matt Johnston <matt@ucc.asn.au> parents: 179 diff changeset	39 /*#define CHECKCLEARTOWRITE() assert(ses.writepayload->len == 0 && \
ffbe6f691ca3 CHECKCLEARTOWRITE() can normally be defined blank Matt Johnston <matt@ucc.asn.au> parents: 179 diff changeset	40 ses.writepayload->pos == 0)*/
ffbe6f691ca3 CHECKCLEARTOWRITE() can normally be defined blank Matt Johnston <matt@ucc.asn.au> parents: 179 diff changeset	41
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	42 #ifndef CHECKCLEARTOWRITE
343 ffbe6f691ca3 CHECKCLEARTOWRITE() can normally be defined blank Matt Johnston <matt@ucc.asn.au> parents: 179 diff changeset	43 #define CHECKCLEARTOWRITE()
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1358 diff changeset	44 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 /* A couple of flags, not usually useful, and mightn't do anything */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48 /#define DEBUG_KEXHASH/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 /#define DEBUG_RSA/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 /* you don't need to touch this block */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1036 diff changeset	52 #if DEBUG_TRACE
1358 6b89eb92f872 glaring wrapfd problems fixed Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	53 extern int debug_trace;
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 109 diff changeset	54 #define TRACE(X) dropbear_trace X;
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 659 diff changeset	55 #define TRACE2(X) dropbear_trace2 X;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 #else /DEBUG_TRACE/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 #define TRACE(X)
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 659 diff changeset	58 #define TRACE2(X)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59 #endif /DEBUG_TRACE/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60
476 df7f7da7f6e4 - Rework pubkey options to be more careful about buffer lengths. Needs review. Matt Johnston <matt@ucc.asn.au> parents: 428 diff changeset	61 /* To debug with GDB it is easier to run with no forking of child processes.
df7f7da7f6e4 - Rework pubkey options to be more careful about buffer lengths. Needs review. Matt Johnston <matt@ucc.asn.au> parents: 428 diff changeset	62 You will need to pass "-F" as well. */
1677 e05c0e394f1d Make DEBUG_NOFORK a #if not #ifdef Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	63 #ifndef DEBUG_NOFORK
e05c0e394f1d Make DEBUG_NOFORK a #if not #ifdef Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	64 #define DEBUG_NOFORK 0
e05c0e394f1d Make DEBUG_NOFORK a #if not #ifdef Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	65 #endif
476 df7f7da7f6e4 - Rework pubkey options to be more careful about buffer lengths. Needs review. Matt Johnston <matt@ucc.asn.au> parents: 428 diff changeset	66
df7f7da7f6e4 - Rework pubkey options to be more careful about buffer lengths. Needs review. Matt Johnston <matt@ucc.asn.au> parents: 428 diff changeset	67
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68 /* For testing as non-root on shadowed systems, include the crypt of a password
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 * here. You can then log in as any user with this password. Ensure that you
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 * make your own password, and are careful about using this. This will also
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71 * disable some of the chown pty code etc*/
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 /* #define DEBUG_HACKCRYPT "hL8nrFDt0aJ3E" / / this is crypt("password") */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 #endif

Mercurial > dropbear

annotate debug.h @ 1861:2b3a8026a6ce