openssh/openssh-7.2p2-seccomp_getuid.patch

# HG changeset patch
# Parent  4f03a27aa55b0beebf232844353779e182cd2497
add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
from being killed by the seccomp filter

diff --git a/openssh-7.2p2/sandbox-seccomp-filter.c b/openssh-7.2p2/sandbox-seccomp-filter.c
--- a/openssh-7.2p2/sandbox-seccomp-filter.c
+++ b/openssh-7.2p2/sandbox-seccomp-filter.c
@@ -142,16 +142,22 @@ static const struct sock_filter preauth_
 	SC_ALLOW(exit_group),
 #endif
 #ifdef __NR_getpgid
 	SC_ALLOW(getpgid),
 #endif
 #ifdef __NR_getpid
 	SC_ALLOW(getpid),
 #endif
+#ifdef __NR_getuid
+	SC_ALLOW(getuid),
+#endif
+#ifdef __NR_getuid32
+	SC_ALLOW(getuid32),
+#endif
 #ifdef __NR_getrandom
 	SC_ALLOW(getrandom),
 #endif
 #ifdef __NR_gettimeofday
 	SC_ALLOW(gettimeofday),
 #endif
 #ifdef __NR_madvise
 	SC_ALLOW(madvise),
Accepting request 398802 from home:pcerny:factory - upgrade to 7.2p2 - changing license to 2-clause BSD to match source - enable trusted X11 forwarding by default [-X11_trusted_forwarding] - set UID for lastlog properly [-lastlog] - enable use of PAM by default [-enable_PAM_by_default] - copy command line arguments properly [-saveargv-fix] - do not use pthreads in PAM code [-dont_use_pthreads_in_PAM] - fix paths in documentation [-eal3] - prevent race consitions triggered by SIGALRM [-blocksigalrm] - do send and accept locale environment variables by default [-send_locale] - handle hostnames changes during X forwarding [-hostname_changes_when_forwarding_X] - try to remove xauth cookies on exit [-remove_xauth_cookies_on_exit] - properly format pts names for ?tmp? log files [-pts_names_formatting] - check locked accounts when using PAM [-pam_check_locks] - chenge default PermitRootLogin to 'yes' to prevent unwanted surprises on updates from older versions. See README.SUSE for details [-allow_root_password_login] - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) [-disable_short_DH_parameters] - Add getuid() and stat() syscalls to the seccomp filter OBS-URL: https://build.opensuse.org/request/show/398802 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=103 2016-05-30 03:36:18 +02:00			`# HG changeset patch`
			`# Parent 4f03a27aa55b0beebf232844353779e182cd2497`
			`add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread`
			`from being killed by the seccomp filter`

			`diff --git a/openssh-7.2p2/sandbox-seccomp-filter.c b/openssh-7.2p2/sandbox-seccomp-filter.c`
			`--- a/openssh-7.2p2/sandbox-seccomp-filter.c`
			`+++ b/openssh-7.2p2/sandbox-seccomp-filter.c`
			`@@ -142,16 +142,22 @@ static const struct sock_filter preauth_`
			`SC_ALLOW(exit_group),`
			`#endif`
			`#ifdef __NR_getpgid`
			`SC_ALLOW(getpgid),`
			`#endif`
			`#ifdef __NR_getpid`
			`SC_ALLOW(getpid),`
			`#endif`
			`+#ifdef __NR_getuid`
			`+ SC_ALLOW(getuid),`
			`+#endif`
			`+#ifdef __NR_getuid32`
			`+ SC_ALLOW(getuid32),`
			`+#endif`
			`#ifdef __NR_getrandom`
			`SC_ALLOW(getrandom),`
			`#endif`
			`#ifdef __NR_gettimeofday`
			`SC_ALLOW(gettimeofday),`
			`#endif`
			`#ifdef __NR_madvise`
			`SC_ALLOW(madvise),`