mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-27 15:54:22 +02:00
Deny (non-fatal) ipc in preauth privsep child.
As noted in openssh/openssh-portable#149, i386 does not have have _NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc, https://linux.die.net/man/2/ipc). Add this syscall, if present, to the list of syscalls that seccomp will deny non-fatally.
This commit is contained in:
parent
b110cefdfb
commit
30f704ebc0
@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
|
|||||||
#ifdef __NR_shmdt
|
#ifdef __NR_shmdt
|
||||||
SC_DENY(__NR_shmdt, EACCES),
|
SC_DENY(__NR_shmdt, EACCES),
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef __NR_ipc
|
||||||
|
SC_DENY(__NR_ipc, EACCES),
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Syscalls to permit */
|
/* Syscalls to permit */
|
||||||
#ifdef __NR_brk
|
#ifdef __NR_brk
|
||||||
|
Loading…
x
Reference in New Issue
Block a user