Mercurial > dropbear
comparison runopts.h @ 1861:2b3a8026a6ce
Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.
Overhead (memory and time) is yet to be confirmed.
At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work though have not been tested.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 30 Jan 2022 10:14:56 +0800 |
| parents | 94dc11094e26 |
| children | bfd0f3248df3 |
comparison
equal
deleted
inserted
replaced
| 1860:5001e9c5641f | 1861:2b3a8026a6ce |
|---|---|
| 70 | 70 |
| 71 char * bannerfile; | 71 char * bannerfile; |
| 72 | 72 |
| 73 int forkbg; | 73 int forkbg; |
| 74 | 74 |
| 75 /* ports and addresses are arrays of the portcount | 75 /* ports and addresses are arrays of the portcount |
| 76 listening ports. strings are malloced. */ | 76 listening ports. strings are malloced. */ |
| 77 char *ports[DROPBEAR_MAX_PORTS]; | 77 char *ports[DROPBEAR_MAX_PORTS]; |
| 78 unsigned int portcount; | 78 unsigned int portcount; |
| 79 char *addresses[DROPBEAR_MAX_PORTS]; | 79 char *addresses[DROPBEAR_MAX_PORTS]; |
| 80 | 80 |
| 81 int inetdmode; | 81 int inetdmode; |
| 82 /* Hidden "-2" flag indicates it's re-executing itself */ | |
| 83 int reexec_child; | |
| 82 | 84 |
| 83 /* Flags indicating whether to use ipv4 and ipv6 */ | 85 /* Flags indicating whether to use ipv4 and ipv6 */ |
| 84 /* not used yet | 86 /* not used yet |
| 85 int ipv4; | 87 int ipv4; |
| 86 int ipv6; | 88 int ipv6; |