openssh/openssh-7.6p1-seccomp_getuid.patch


2017-11-06 15:50:53 +01:00
# HG changeset patch
# Parent 004731f82470b22b9bd563ef3216034cf00ba133
add 'getuid' syscall to list of allowed ones to prevent the sandboxed thread
from being killed by the seccomp filter
diff --git a/openssh-7.6p1/sandbox-seccomp-filter.c b/openssh-7.6p1/sandbox-seccomp-filter.c
--- a/openssh-7.6p1/sandbox-seccomp-filter.c
+++ b/openssh-7.6p1/sandbox-seccomp-filter.c
@@ -173,16 +173,22 @@ static const struct sock_filter preauth_
SC_ALLOW(__NR_getpid),
#endif
#ifdef __NR_getrandom
SC_ALLOW(__NR_getrandom),
#endif
#ifdef __NR_gettimeofday
SC_ALLOW(__NR_gettimeofday),
#endif
+#ifdef __NR_getuid
+ SC_ALLOW(__NR_getuid),
+#endif
+#ifdef __NR_getuid32
+ SC_ALLOW(__NR_getuid32),
+#endif
#ifdef __NR_madvise
SC_ALLOW(__NR_madvise),
#endif
#ifdef __NR_mmap
SC_ALLOW(__NR_mmap),
#endif
#ifdef __NR_mmap2
SC_ALLOW(__NR_mmap2),
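Review bot: The new `#ifdef __NR_getuid` / `#ifdef __NR_getuid32` entries widen the pre-auth seccomp allowlist without recording which call in the sandboxed process needs getuid, and the changeset description does not name it either. Every entry in this list stays reachable from a compromised pre-auth process, so I would add a comment above the first `#ifdef`, for example `/* getuid: issued by <CALLER - fill in> inside the sandbox; drop this entry once that caller is gone */`. getuid takes no arguments and only reads the caller's credentials, so an unconditional `SC_ALLOW` looks acceptable. It would be worth confirming that the same code path does not also issue sibling credential queries such as geteuid or getgid, which are not visible in this hunk and may still hit the filter's default action. The filter array itself begins and ends outside the hunk.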