forked from pool/vsftpd
vsftpd/vsftpd-enable-fcntl-f_setfl.patch
Michal Vyskocil 4d064f5b44 Accepting request 162590 from home:mvyskocil:branches:network
- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
  * this enabled a sendto on /dev/log socket when syslog is enabled
- provide more verbose explanation about isolate_network and seccomp_sandbox in
  config file template
- don't install init file on openSUSE 13.1+
- drop a build support for SL 10 and older

- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
  * drop CLONE_NEWPID from clone to enable audit system
- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
  * unconditionally enable F_SETFL patch - might be safe to do

OBS-URL: https://build.opensuse.org/request/show/162590
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=55
2013-04-04 10:09:44 +00:00


From: Michal Vyskocil <mvyskocil@suse.cz>
Subject: Enable fcntl F_SETFL
The fcntl with F_SETFL is called from various parts of the vsftpd code, thus add
it unconditionally to seccomp sandbox. I've failed to limit it more, however
most arguments of F_SETFL are ignored on Linux and the remaining set seems to be
safe.
fixes: bnc#786024
---
seccompsandbox.c | 22 ++++++++++++++++++++++
5 files changed, 45 insertions(+), 6 deletions(-)
Index: vsftpd-3.0.2/seccompsandbox.c
===================================================================
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -306,6 +306,25 @@ seccomp_sandbox_setup_base()
/* Always need to be able to exit ! */
allow_nr(__NR_exit_group);
+
+ /*
+ * MV: this is needed for
+ * vsf_sysutil_activate_noblock
+ * vsf_sysutil_deactivate_noblock
+ *
+ * both called from various places (like all those die, bug in utilities),
+ * so lets enable it by default
+ */
+ allow_nr_1_arg_match(__NR_fcntl, 2, F_GETFL);
+ allow_nr_1_arg_match(__NR_fcntl, 2, F_SETFL);
+
+ /*
+ * MV: this form have newer worked, neither with O_RDWR, O_RDWR|O_NONBLOCK
+ * however fcntl(2) says that most of arguments to fcntl are ignored on Linux
+ * thus this might be safe to do
+ */
+ //allow_nr_2_arg_match(__NR_fcntl, 2, F_SETFL, 3, O_RDWR);
+
}
void
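
Review bot: The allow_nr_1_arg_match(__NR_fcntl, 2, F_SETFL) rule in seccomp_sandbox_setup_base() matches only the command argument, so every sandboxed process may pass an arbitrary flags value as argument 3, while the callers named in the first comment (vsf_sysutil_activate_noblock and vsf_sysutil_deactivate_noblock) only need to toggle O_NONBLOCK. On Linux, fcntl(2) lets F_SETFL change O_APPEND, O_ASYNC, O_DIRECT, O_NOATIME and O_NONBLOCK, so the comment should list those flags and say why each is acceptable inside the sandbox instead of "thus this might be safe to do". If the equality match on argument 3 fails because the value passed carries other status bits besides O_NONBLOCK, a masked comparison on argument 3 is worth trying before leaving it unconstrained. The commented-out //allow_nr_2_arg_match(...) line should be removed or folded into the explanation, and "have newer worked" should read "has never worked". Two things in the header also need checking: it says "fixes: bnc#786024" while the changelog above lists this patch under bnc#812406, and the diffstat summary "5 files changed, 45 insertions(+), 6 deletions(-)" does not match a patch that touches only seccompsandbox.c.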