Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
This commit is contained in:
Lonnie Abelbeck
Damien Miller
parent
edd1d3a626
commit
3ef92a6574
|
|
@ -168,6 +168,15 @@ static const struct sock_filter preauth_insns[] = {
|
|||
#ifdef __NR_stat64
|
||||
SC_DENY(__NR_stat64, EACCES),
|
||||
#endif
|
||||
#ifdef __NR_shmget
|
||||
SC_DENY(__NR_shmget, EACCES),
|
||||
#endif
|
||||
#ifdef __NR_shmat
|
||||
SC_DENY(__NR_shmat, EACCES),
|
||||
#endif
|
||||
#ifdef __NR_shmdt
|
||||
SC_DENY(__NR_shmdt, EACCES),
|
||||
#endif
|
||||
|
||||
/* Syscalls to permit */
|
||||
#ifdef __NR_brk
|
||||
|
|
|
|||
Loading…
Reference in New Issue