upstream: Split per-connection sshd-session binary

This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.

Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.

Joint work with markus@ feedback deraadt@

Tested in snaps since last week

OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c

1 files changed, 1 insertions, 16 deletions

diff --git a/sandbox-rlimit.c b/sandbox-rlimit.c
index 26c61d264..6bb4e56aa 100644
--- a/sandbox-rlimit.c
+++ b/sandbox-rlimit.c
@@ -37,7 +37,7 @@
 /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
 
 struct ssh_sandbox {
-	pid_t child_pid;
+	int junk;
 };
 
 struct ssh_sandbox *
@@ -51,8 +51,6 @@ ssh_sandbox_init(struct monitor *monitor)
 	 */
 	debug3_f("preparing rlimit sandbox");
 	box = xcalloc(1, sizeof(*box));
-	box->child_pid = 0;
-
 	return box;
 }
 
@@ -80,17 +78,4 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 #endif
 }
 
-void
-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-{
-	free(box);
-	debug3_f("finished");
-}
-
-void
-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-{
-	box->child_pid = child_pid;
-}
-
 #endif /* SANDBOX_RLIMIT */